Today Microsoft is making signing into a Microsoft account easier and more secure. Now it is supporting FIDO2 security key devices and enabling the security key or Windows Hello to allow you to sign into the account without a username or password. Microsoft is the first cooperation to support password-less authentication using the the WebAuthn and FIDO2 specifications.

Sign into Microsoft Account with a FIDO2 Device or Windows Hello

You know, most of people don’t take trouble to use password managers and most of the passwords are terrible. And poor passwords may lead to poor security. And Microsoft is working hard to replace passwords with more secure alternatives so as to help people protect their account and data from threats.

Tip: Files get lost due to virus or threats? Now, MiniTool Power Data Recovery, free data recovery software can help to recover them easily.

Now, this company makes it possible to sign into a Microsoft account using a FIO2 security key or Windows Hello, no user name or password required. This is a huge step forward that Microsoft makes.

Earlier this year, Microsoft has announced it is adding support for FIDO2 security key authentication to Windows 10. The feature was first introduced in a limited preview release in the spring, but now it is officially available in Windows 10 version 1809.

Let’s read on to learn some details about these two methods for secure password-less sign-in for your Microsoft account.

How to Work?

FIDO2 authentication keys are standard-based devices, allowing you to log into online services including Outlook, Office, OneDrive, Bing, Skype, and Xbox Live without a password. Usually, FIDO2 devices look like USB keys (some models use NFC) that come with a snap-in biometric technology to verify your identity.

FIDO2 uses public and private key encryption to protect user credentials. When creating and registering a FIDO2 credential, your PC or FIDO2 device creates a private and public key. The private key saved on the device can only be used after it is unlocked by a local gesture like PIN or biometric.

When the private key is stored, simultaneously the public key is sent to Microsoft account in the cloud and registered with your account. When you sign in Microsoft account, the public key will be used to verify.

Due to WebAuthn and FIDO2 CTAP2, using a FIDO2 device or Windows Hello to make authentication isn’t easily stolen by malware.

Well then, how do Windows Hello and a FIDO2 device realize this?

In Windows 10, there is a built-in secure enclave, named a hardware TPM or a software TPM where the private key is saved, requiring your face, fingerprint or PIN to unlock it. Similarly, a FIDO2 device is a small external device that also has built-in secure enclave to store the private key and requires PIN or biometric to unlock it.

These two options both provide two-factor authentication in one step and both of them require a registered device and a biometric or PIN to sign in the Microsoft account.

How to Sign into Microsoft Account with a FIDO2 Device or Windows Hello?

Both ways require the PC to upgrade to Windows 10 version 1809. Here is the guide on how to sign in with Microsoft Account with a FIDO2 device:

Step 1: Go to the Microsoft account page on the Edge, sign in it.

Step 2: Choose Security > More security options > Windows Hello and security keys.

Step 3: Then click Set up a security key. Next, you will go to a page to do this work with your FIDO2 device.

Step 4: When signing in next time, you can choose More Options > Use a security key or type your username. At that time, a security key is asked to sign in.

How to log into Microsoft account without password using Windows Hello?

Step 1: You need to set up Windows Hello in the PC that has installed Windows 10 October Update by going to Settings > Accounts > Sign-in options > Set up under Windows Hello.

Step 2: Next time, when signing in Microsoft account on Edge, click More Options > Use Windows Hello or a security key or type the username. Then, use Windows Hello as a login option.

Bottom Line

After learning so much information about secure password-less sign-in for your Microsoft account, don you want to have a try? Just do it!

To sign into Microsoft account with a FIDO2 device or Windows Hello, you need to upgrade your system to Windows 10 October 2018 Update. But before the update, we suggest backing up your system and important data using the professional PC backup software, MiniTool ShadowMaker.

  • linkedin
  • reddit