Microsoft just announced it will support the standards-based FIDO2 security key devices that will enable users to sign into their accounts without typing in username or passwords. Users will be able to log into their Microsoft account without going through the pesky problem of typing usernames or passwords.
The process os signing into once’s Microsoft account will be easier, while at the same time secure. Microsoft has enabled support for the security key or Windows Hello via the Edge browser. By doing so, Microsoft becomes the first company to support the password-less authentication using the FIDO2 WebAuth and CTAP2 standards.
This new security protocol is already effective for users on Windows 10 October 2018 Update. The October 2018 Update comes with a configuration for Windows Hello or the physical security from the FETIAN and Yubico, which support FIDO2 standard.
Any user on a Windows 10 device with a supported Windows Hello webcam or fingerprint reader can set up automatic authentication by visiting their Microsoft Account setting using Edge browser. They can then link that particular Windows 10 PC to their Microsoft account, and from there onwards, log into their accounts without entering a password.
During the linking up, a private key will be placed on a trusted platform module on the Windows 10 PC. And will be used alongside the physical key or the biometric Windows Hello authentication for verification purposes against the public key kept at the Microsoft’s servers. The strength of this security system comes from this combination, which offers a stronger security against malware and phishing scam as the users will already have grown accustomed to logging without typing their username or password.
The password-less login is currently only available on Microsoft Edge, but Microsoft is working on availing it across all mainstream browser. That is, in addition, to support WebAuthn and FIDO2 standards.