As time moves on, it’s becoming more and more clear that relying on passwords isn’t really the best way to keep our online accounts secure. In the name of beefing up security, a number of companies have started moving to two-factor authentication or password-less sign-in, and today, Microsoft added its name to that ever-growing list. Beginning today, Microsoft is letting users log into their Windows accounts using security keys or Windows Hello.
More specifically, Microsoft is allowing users to perform password-less sign-in FIDO2 security devices. If you don’t want to buy a separate security key, you can also use Windows Hello to perform a biometric login with your face or your fingerprint. Of course, you can also use the Microsoft Authenticator app to sign in, but that functionality already existed within Windows.
As explained in a post to the Microsoft blog, getting set up with password-less sign-in is a fairly straightforward process, but there are a few requirements. For starters, you’ll need to be running the Windows 10 October 2018 update, which is the newest update available for the OS. For now, Microsoft is only supporting password-less sign-in through Microsoft Edge, so if you’re committed to another browser, you’ll need to sit this out for now.
Assuming you meet those requirements (and you’ve got a compatible FIDO2 key), all you need to do is sign into your Microsoft Account through Edge and then head to the Security menu. From there, select “More security options” and then “Windows Hello and security keys,” which will walk you through the process of setting up a security key. When you login next, simply click “More Options” and then – you guessed it – “Use a security key.”
Though Microsoft explains that many FIDO2 CTAP security key will work with Microsoft Account sign-in (the company has listed required features and extensions in a separate help document), it specifically mentions Yubico and Feitian Technologies as its partners for this new initiative in today’s announcement. Next up, we’ll see password-less sign-in come to work and school accounts in Azure Active Directory, and Microsoft says that its enterprise customers will be able to preview that functionality in early 2019.