Discovered after trying to sign-into MS that the FIDO2 key was removed


  1. Posts : 145
    Windows 10 Home
       #1



    I don't use my Microsoft account for many services but when I need to sign-in to my MS account to use those, I've always been able to sign-in with the security key by Yubico. It's the blue key w/ a gold circle. I use a local account which suffices for most of the things I do on the desktop without needing to sign-in to MS.

    The key was added to my account and set up using Edge way back when it first became Microsoft compliant. I discovered yesterday when trying to sign-in to MS using the security key that my key wasn't listed in the advanced security options any longer with the other verification options. No one else uses my desktop or has access to it or to any of my service accounts. The account was protected w/ 2-step verification using the authenticator. I do not believe the account was breached at all with these security measures that've been in place for years.

    The problem runs deeper than this though. After I discovered that the key was no longer listed as one of the options, I went to Windows settings and selected the key as one of the sign-in options. I changed my PIN and proceeded to sign-in.

    I followed the MS support instructions and added the key back from the Edge browser.

    Yet after I saw the key was added with a check mark next to it as an additional verification option to use, I signed out of my account from Edge. I then attempted to sign-in again selecting the security key as the option. I'll receive slightly different messages now in the steps to sign-in using the key than what used to appear before.

    It's as though the key is detected, the authentication request is successful after inserting the key in the USB port, but after touching the gold flashing light to unlock the private key stored in the FIDO2 security key, the process appears to break down. It's almost as though the token request with my signed nonce by touching the flashing light either isn't sent or isn't verified.

    There wouldn't be a reason to perform a reset on the key and return it back to factory default settings when the same key works flawlessly with all my other accounts! aka Google, etc., etc.

    I was going to reach out to Yubico, but this isn't an issue with any other account... the process only fails signing-in to my MS account. An attempt to sign-in fails with Firefox as well. I don't use a Windows Hello PIN.

    [EDIT]: there are no stupid questions here on TenForums so I want to ask one. I don't see anywhere stating the need to select Passwordless account under the advanced security options for the authentication process to be set up correctly. If so, then I shouldn't be concerned that Passwordless account is turned Off. Correct?
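
    The sign-in step described in the post above (touch, signed challenge, server-side verification), as an added example that is not part of the original post and is not Microsoft's or Yubico's code. It models the checks a relying party runs on a FIDO2 assertion and shows that credentials are registered per relying party, so the same key can pass at one site and be rejected at another; the `rp-a.example` / `rp-b.example` names and the in-memory credential store are assumptions.

```javascript
// Added illustration: simplified WebAuthn assertion flow (constructed data, hypothetical RP names).
const crypto = require('crypto');
const sha256 = (d) => crypto.createHash('sha256').update(d).digest();

// Authenticator side: one key pair per relying party (RP); credentials are RP-scoped.
class Authenticator {
  constructor() { this.creds = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    const credId = crypto.randomBytes(16).toString('hex');
    this.creds.set(credId, { rpId, privateKey });
    return { credId, publicKey };
  }
  // A touch sets the user-present flag (0x01); the key signs authData || SHA-256(clientData).
  getAssertion(credId, rpId, challenge, touched = true) {
    const cred = this.creds.get(credId);
    if (!cred || cred.rpId !== rpId) return null;
    const authData = Buffer.concat([sha256(rpId), Buffer.from([touched ? 1 : 0]), Buffer.alloc(4)]);
    const clientData = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin: `https://${rpId}` }));
    const signature = crypto.sign('sha256', Buffer.concat([authData, sha256(clientData)]), cred.privateKey);
    return { credId, authData, clientData, signature };
  }
}

// Relying-party side: returns 'ok' or the name of the first check that failed.
function verifyAssertion(rpId, registered, expectedChallenge, a) {
  if (!a) return 'no-assertion';
  const publicKey = registered.get(a.credId);
  if (!publicKey) return 'credential-not-registered';
  const cd = JSON.parse(a.clientData.toString());
  if (cd.type !== 'webauthn.get' || cd.challenge !== expectedChallenge) return 'challenge-mismatch';
  if (cd.origin !== `https://${rpId}`) return 'origin-mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(rpId))) return 'rpid-mismatch';
  if ((a.authData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([a.authData, sha256(a.clientData)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const key = new Authenticator();
  const rpA = 'rp-a.example', rpB = 'rp-b.example';
  const regA = key.register(rpA), regB = key.register(rpB);
  const dbA = new Map([[regA.credId, regA.publicKey]]);
  const dbB = new Map(); // RP B's account no longer lists the credential
  const ch = crypto.randomBytes(32).toString('hex');
  return {
    a: verifyAssertion(rpA, dbA, ch, key.getAssertion(regA.credId, rpA, ch)),
    b: verifyAssertion(rpB, dbB, ch, key.getAssertion(regB.credId, rpB, ch)),
    stale: verifyAssertion(rpA, dbA, 'other-challenge', key.getAssertion(regA.credId, rpA, ch)),
  };
}
```

    `demo()` returns the verdict for each case; the key produces a valid signature in all three, and only the relying party's own state decides the outcome.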

  3. Posts : 23,494
    Win 10 Home ♦♦♦19045.4412 (x64) [22H2]
       #3

    I can't help with your issue... I've never used the things you mention.
    But when I saw the topic title and your avatar, this was the very first thing I thought of...



    Last edited by Ghot; 12 Dec 2022 at 14:20.


  4. Posts : 145
    Windows 10 Home
    Thread Starter
       #4

    security key for Passwordless login


    A FIDO2 security key is one option of Passwordless login. Attached is a screenshot showing the advanced security options after I had re-added the same key.

    [Attached screenshot: microsoft-account-security_verification-options.jpg]

    It's unclear whether the Passwordless account setting should now show as being turned ON after I re-added the key and I'm unable to recall if the Passwordless account setting ever used to be turned ON before this mysterious disappearance of the FIDO2 key.

    - - - Updated - - -

    After clicking on the link to the ArgonSystems web page posted by commenter Louis on Super User, a section titled "User registration of FIDO security keys" refers to a user first needing to register a security key and add it as an authentication method in their security information page in Azure.

    I don't recall this being a required step when originally setting up the key in early 2019. Sorry, I'm somewhat confused as to needing to register using the Azure MFA method.


  5. Posts : 9,777
    Mac OS Catalina
       #5


  6. Posts : 145
    Windows 10 Home
    Thread Starter
       #6

    bro67 said:
    Thank you @bro67
    I'll read more of these threads as I look further into this. The thread about halfway down titled
    "Mysterious MFA error when trying to add FIDO2 key: AADSTS90013: Invalid input received from the user" appears to best describe the problem. It does mention having at least one Azure AD Multi-Factor Authentication method registered.

    These are mostly all recent posts. The above mentioned is dated October of this year. Perhaps the MS support engineers have enforced a change which may be a possible explanation for what happened.