Over four years ago, Microsoft joined hands with the Fast IDentity Online (FIDO) Alliance, a non-profit organization that wants to make online authentication more secure; the tech giant found common ground with FIDO"s ultimate goal of eliminating the "old-fashioned" password system. Today, Microsoft achieved a significant milestone in its journey towards better authentication methods by updating Windows Hello to work in conjunction with the new FIDO2 Security Keys.
In essence, these keys will allow users to log in to any Windows 10 PC managed with Azure Active Directory (Azure AD) without the need of entering a password. There will be no need for Windows Hello to be set-up beforehand, regardless of the form factor of the PC being used to authenticate user credentials. Furthermore, the FIDO2 authentication standard is considered to be more secure in comparison to passwords because of the employment of public-key cryptography. Coupled with fingerprint or PIN protection in addition to the security key itself, it does seem to provide a better alternative to the traditional password system. Similarly, the keys are expected to offer increased mobility among workers of any organization that makes use of them.
Interestingly, back in December, Microsoft outlined its intentions of eliminating the need of using passwords. Then, a few months ago, the company announced a new palm vein authentication system, further advancing its aforementioned aims. Currently, other security key form factors are being worked upon by the firm as well, with the belief that even mobile applications that comply with the FIDO2 specification might emerge soon.
With the clear mention of devices belonging to an ""organization"" in Microsoft"s blog post, it seems that the Windows Hello FIDO2 Security Key feature will only be introduced to enterprise users for the time being. In any case, the feature is currently in limited preview and you can add your name to the waitlist after filling out a mandatory questionnaire here.