Password-less login for Microsoft Accounts
Password-less login is since Windows 10 1809 available via the Edge Browser and also the Edge on Chromium browsers. But why should I login via a FIDO2 device like a Yubikey 5?
I hope that I can clearify some things up for this topic.
So I bought a Yubico Yubikey 5 NFC at Bol.com and configured it for my Microsoft Account.
What is a FIDO2 security key?
A FIDO2 key is not to be confused with a FIDO U2F security key, which works as a second authentication factor for a password. The FIDO2 security key replaces both but works much like a U2F key by using public key cryptography.
The user only has to press a button on the security key to log into a website if they use a browser (such as Edge) that supports the WebAuthn web API, which connects the FIDO 2 hardware to a website’s server.
How to setup a FIDO2 Key for your Microsoft account?
- First you need to have Windows 10 1809 and a supported Yubikey
- Start your Edge (or Edge Chromium) browser
- Sign in to your Microsoft Account at https://account.microsoft.com
- Go to the “Update your security info” tile
- Click on the “More security options” tile
- Click on “Set up a security key”
- Choose your type of security key. I will choose for USB device.
- Create a PIN for your security key
- Touch the golden sensor of the security key
- Click on Allow at the popup
- Give your security key a name
- And you’re all set
- Now sign out of your Microsoft account and try to sign in again with your security key. That should work.
At this moment the YubiKey 5 is not yet supported to log on into Windows 10. Hopefully this will be supported soon.
Uhm….. Oké, the Yubikey is handy to login at the Microsoft websites without filling in a password. But I had already the Authenticator App installed and configured for my Microsoft Account.
You can use the Yubikey at multiple computers. Login with the Yubikey is a little bit faster then login with the Authenticator App.
If you have some other question or comments about the Yubikey, leave them behind here below and I will contact you as soon as possible.