Microsoft Announces Support for FIDO2 Hardware Keys in Windows Hello
Microsoft has announced that with its next Windows update, currently known as Redstone 4, it will introduce support for FIDO2 hardware keys to sign in with Windows Hello.
Microsoft writes that it has worked with partners to implement the FIDO Alliance standard. It focuses on open, interoperable and scalable mechanisms that should allow replacement of passwords for authentication. In the blog post, the company cites the example of a user authenticating himself with a hardware key from one of its partners, including Yubico, HID Global and Feitian. It talks about a PC that is part of an Azure Active Directory, making it unclear whether the feature will be available to all users.
In a separate message, Microsoft writes that support in the upcoming Windows update is a “limited preview” for which people can sign up and then end up on a waiting list. Logging in with a USB hardware key makes it unnecessary to use a password. Windows Hello has long supported biometric-based password alternatives, such as iris scans and fingerprints.
FIDO2 is an open authentication standard, building on U2F and UAF. The standard consists of Ctap and WebAuthn, which was recently promoted to Candidate Recommendation by the W3C.