
FIDO2, Windows 10's Password Replacement, Now Ready

It's now possible to use devices based on the Fast IDentity Online 2.0 (FIDO2) protocol with a Microsoft account and Windows 10 version 1809 to verify user access, Microsoft announced on Monday.

Essentially, this capability obviates the need for a password. It works with desktop and mobile devices, permitting access to applications such as Microsoft Office, Outlook and Skype. However, a Microsoft document stated that "this functionality is not available yet on phones."

Organizations can use a FIDO2-based device or they can use Windows Hello, Microsoft's biometric identity solution, with a Microsoft account. The FIDO2 devices supported might be a USB thumb drive with a fingerprint reader, or some other kind of security key.

The ability to work with a Microsoft account is only available in the U.S. market right now. However, it'll be available worldwide "over the next few weeks," Microsoft's announcement promised.

The FIDO2 capability requires using the Windows 10 October 2018 Update (version 1809), as well as the Microsoft Edge browser. Despite its rerelease earlier this month, Windows 10 version 1809 may still be blocked for some users because of new problems found with Intel display drivers, and a few other problems, as listed in Microsoft's Windows 10 Update History page.

To use the capability, Microsoft's announcement suggested that organizations will need to buy a security key that supports the FIDO2 standard. The criteria are outlined in this document.

Microsoft is using the WebAuthn and FIDO2 CTAP2 specifications, which require that both a private and public key get added to a device. Organizations will need to have a Trusted Platform Module on the device to store these keys. The Trusted Platform Module can be implemented via hardware or software.

Microsoft is claiming that it's among "the first in the world to deploy FIDO2" in its products, according to this blog post, which described the standard. It added that Windows 10 version 1809 has support for the "latest WebAuthn Candidate release," which is "a stable release not expected to normatively change before the specification is finally ratified."

On top of the Microsoft account support for FIDO2 in Windows 10 version 1809, it'll be possible to get FIDO2 support using Azure Active Directory work or school accounts in the near future.

"We are currently building the same sign-in experience from a browser with security keys for work and school accounts in Azure Active Directory," Microsoft's announcement explained. "Enterprise customers will be able to preview this early next year, where they will be able to allow their employees to set up their own security keys for their account to sign in to Windows 10 and the cloud."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
