This will place a private key on the trusted platform module (TPM) in a Windows 10 device which is used alongside the presence of the physical key or biometric Windows Hello authentication to verify it against the public key stored on Microsoft’s servers. This combination should make it difficult to fall for a phishing scam or malware, as you’ll get used to logging in without credentials or passwords.
Microsoft first enabled its account users to sign in without a password using the company’s iOS and Android Microsoft Authenticator app. It was the first step towards password-less logins, and support FIDO2 security keys is the next logical step. Google and Facebook have already been using USB tokens to secure accounts, and Microsoft is planning to bring this same support to work and school accounts that use Azure Active Directory. As Microsoft has adopted open standards by the W3C and FIDO Alliance standards bodies, Chrome and Firefox will also be able to use these security keys to log into a Microsoft Account once they support the FIDO2 standards.
If you’d like assistance to enable this functionality, give us a call.