Windows Hello & FIDO2 Security Keys authentication for shared devices

  1. Brink's Avatar
    Posts : 36,954
    64-bit Windows 10 Pro build 18855
       #1

    Windows Hello & FIDO2 Security Keys authentication for shared devices


    Are you tired of entering usernames and passwords? Windows Hello and FIDO2 Security keys allow you to carry your identity with you.

    We have been on a journey to eliminate passwords. Today, we are delighted to announce an important milestone.

    Microsoft has been aligned with the Fast Identity Online (FIDO) working group from the start, the alliance represents 250 organizations from various industries on a joint mission to replace passwords with an easy to use strong credential. With the recent ratification of FIDO2 security keys by the FIDO working group, we’re updating Windows Hello to enable secure authentication for many new scenarios.


    FIDO2 Security Key

    Imagine a helpdesk scenario where an employee can walk up to any device and simply log in using Windows Hello and not username and password. Another scenario is hospital medical staff that need access a patient records on a device no matter where the patient is located. Or a public-sector organization that wants secure authentication on devices while adhering to security policies and directives where the users credential needs to be physically separate from the device itself.

    Microsoft and its partners have been working together on FIDO2 security keys for Windows Hello to enable easy and secure authentication on shared devices. Security keys allow you to carry your credential with you and safely authenticate to an Azure AD joined Windows 10 PC that’s part of your organization. A user can walk up to any device belonging to the organization and authenticate in a secure way – no need to enter a username and password or set-up Windows Hello beforehand. Unlike traditional passwords, these keys rely on high-security, public-key cryptography to provide strong authentication. These keys have all the benefits of a Trusted Platform Module (TPM) while also being portable enabling the increasing number of mobile workers.

    FIDO2 compliant security keys provide secure authentication, independent of the form factor. The security key holds your credential and can be protected with an additional second factor like fingerprint (integrated into the security key) or a PIN to be entered at the Windows sign-in.

    Our partners are working on a variety of security key form factors. Some examples include USB security keys and NFC enabled smartcards, just to name a few. We are looking forward to seeing new form factors and possibly applications on your phone that comply with the FIDO2 specification.

    Here’s a glimpse into the security keys from our partners we’ve been working closely with

    Yubico – Security key for Windows Hello



    HID – Security key for Windows Hello



    Feitian – Security key for Windows Hello with biometric sensor



    Source: Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices - Windows For Your Business
      My ComputersSystem Spec

  2. z3r010's Avatar
    Posts : 7,483
    Windows 10 Workstation x64
       #1

    I've been using my yubikey for Windows hello for a few weeks now, however it isn't allowed after a reboot and a pin or pass is still needed, I hope they have changed that now.
      My ComputersSystem Spec


 

Related Threads
Source: https://support.microsoft.com/en-us/help/4073707/windows-operating-system-security-update-block-for-some-amd-based-devi See also: An Update on AMD Processor Security for Spectre and Meltdown - Windows 10 Forums UPDATE 1/17:...
RE: Windows Security Authentication window / prompt does not display text box for username and password Good Day For some reason when prompted for credentials, the window does not seem to display the username and password text boxes to...
What I'm trying to do doesn't sound complicated but I'm really stumped. I want to set up a home network (a desktop and other tablets/laptops) and set up some of the drives on the Desktop PC (NOT individual folders) as shared which can then be...
Hi, I am running Windows 10 and trying to set up a network so that I can transfer photos from an android phone onto my laptop hard drive for back up. I've been using an app to do this and it has worked in the past brilliantly (called "Sweet Home" if...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 12:37.
Find Us