Microsoft has recently shared a blog post on the progress of its "mission to eliminate passwords," from the Windows ecosystem. It is making it easier than ever to setup security and protections for your PC and this initiative includes using hardware security devices with Windows Hello. One of the major introductions is in enabling the use of USB or NFC FIDO2 devices.
Ahead of its update on what it has done in Windows and key Microsoft applications to address quick and convenient secure logins, the firm first makes the case for going password-less. Microsoft thinks typed passwords are often "difficult to remember, are often reused and can be used to hack your account anywhere, anytime, from any device". It hopes that Windows Hello, and the various hardware enhanced security methods it can use to verify your identity is the solution.
For a while now, people have been using fingerprint readers and depth cameras to log into Windows and Windows Hello aware apps quickly and securely. Microsoft has recently made updates to its Windows Security app Account Protection page which will alert users if there is a way to improve security. Setting up Windows Hello has been made more accessible as it is now possible to go straight to configuring this feature from the lock screen dialogue.
The headlining change highlighted in the Microsoft blog concerns setting up Windows Hello and Microsoft connected services to accept a Windows Hello or compatible security key. These compact hardware devices use a PIN or biometrics to unlock access to various Windows digital services. Using this new method Windows users will be able to sign in to the likes of Outlook.com, Office 365, Skype, OneDrive, Cortana, Microsoft Edge, Xbox Live on the PC, Mixer, Microsoft Store, Bing, and MSN.
Microsoft Edge has joined Google Chrome and Mozilla Firefox in its support for WebAuthn, which enabled the use of these hardware security keys. A ZDNet article explains that the new hardware key security uses the FIDO2 standard as follows; "where a private key is stored on the local device and requires a face, fingerprint or PIN code to unlock it. A public key is sent to Microsoft's account servers in the cloud and the key is registered with the user account."
If you were interested in getting a Microsoft-compatible FIDO2 security key for your desktop or laptop then it is recommended that you choose one from a Microsoft partner such as Yubico or Feitian Technology.