Earlier it was a bit tough to sign into Microsoft account. However, now it has become easier and secure to sign into the account. It is allowing anyone to sign in with FIDO2 security key devices which are a standard tool.
It is to be noted that Microsoft is the first company to support authentication without password using FIDO2 WebAuthn and CTAP2 standards.
It also supports Edge browser for enabling security key. Users who are having Windows 10 October 2018 version, will be able to set up Windows Hello or a physical security key from Yubico or FEITIAN that support the FIDO2 standard. Device having Windows Hello webcam or fingerprint reader can be easily connected wherein user have to visit Microsoft Account settings with Edge. Next, you can link a Windows 10 machine to your account without the password.
Once linked, it will keep private key on the trusted platform module (TPM) in a Windows 10 device. This is used through a physical key or biometric Windows Hello authentication to verify it against the public key stored on Microsoft’s servers. Such a system would make it difficult to fall for a phishing scam or malware as there will not be any password used.
Earlier Microsoft was the first one to allow its account users to sign in without a password using the company’s iOS and Android Microsoft Authenticator app. In continuation to it, support of FIDO2 security keys is the next logical step. Like Google and Facebook, Microsoft is planning to bring USB tokens to secure accounts which can give support to work and school accounts that use Azure Active Directory.
Also like Microsoft has adopted open standards by the W3C and FIDO Alliance standards bodies, Chrome and Firefox will also benefit from such system once they support the FIDO2 standards.