Skip to main content
Skip to main content
Microsoft 365

Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices

We have been on a journey to eliminate passwords. Today, we are delighted to announce an important milestone.

Microsoft has been aligned with the Fast Identity Online (FIDO) working group from the start, the alliance represents 250 organizations from various industries on a joint mission to replace passwords with an easy to use strong credential. With the recent ratification of FIDO2 security keys by the FIDO working group, we’re updating Windows Hello to enable secure authentication for many new scenarios.

Security Key by Yubico
Security Key by Yubico

Imagine a helpdesk scenario where an employee can walk up to any device and simply log in using Windows Hello and not username and password. Another scenario is hospital medical staff that need access a patient records on a device no matter where the patient is located. Or a public-sector organization that wants secure authentication on devices while adhering to security policies and directives where the users credential needs to be physically separate from the device itself.

Microsoft and its partners have been working together on FIDO2 security keys for Windows Hello to enable easy and secure authentication on shared devices. Security keys allow you to carry your credential with you and safely authenticate to an Azure AD joined Windows 10 PC that’s part of your organization. A user can walk up to any device belonging to the organization and authenticate in a secure way – no need to enter a username and password or set-up Windows Hello beforehand. Unlike traditional passwords, these keys rely on high-security, public-key cryptography to provide strong authentication. These keys have all the benefits of a Trusted Platform Module (TPM) while also being portable enabling the increasing number of mobile workers.

FIDO2 compliant security keys provide secure authentication, independent of the form factor. The security key holds your credential and can be protected with an additional second factor like fingerprint (integrated into the security key) or a PIN to be entered at the Windows sign-in.

Our partners are working on a variety of security key form factors. Some examples include USB security keys and NFC enabled smartcards, just to name a few. We are looking forward to seeing new form factors and possibly applications on your phone that comply with the FIDO2 specification.

Here’s a glimpse into the security keys from our partners we’ve been working closely with

Yubico – Security key for Windows Hello

HID – Security key for Windows Hello

Feitian – Security key for Windows Hello with biometric sensor

Related posts

Image for: Image of a remote worker working at his desk. An Excel spreadsheet is open.
• 9 min read

Enhancing VPN performance to enable remote work

How our IT team redesigned Microsoft’s virtual private network platform.

Image for: Government data protection—earning and retaining the public’s trust with Microsoft 365
• 6 min read

Government data protection—earning and retaining the public’s trust with Microsoft 365

Earning and retaining the public’s trust requires a modern approach to protecting data. Governments can adopt a Zero Trust approach to cybersecurity with the help of Microsoft 365.

Image for: Image of the ThinkPad Plus from Lenovo.
• 2 min read

CES 2020—new commercial devices unveiled by Microsoft partners Acer, Dell, HP, and Lenovo

New devices from Acer, Dell, HP, and Lenovo provide a productive, secure experience for on-the-go professionals.