large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Windows 10 adds security key support to put another nail in the password’s coffin

Microsoft has announced its support for the FIDO2 security key devices, which will enable anyone to log into their Microsoft accounts without using traditional username and password-based credentials.

That means those using the latest version of Windows 10 (October 2018 update) will be able to use the Microsoft Edge browser to log into services like Bing, the Microsoft Store, Office, OneDrive, Outlook, Skype and Xbox Live with WebAuthn-enabled security keys like the Yubikey5 and the FEITIAN Biopass.

The USB devices plug into laptops or can use Bluetooth or NFC connections to authenticate identities without the need for a typed username and password. Essentially, it provides a variant of the dual-factor authentication methods we currently see, but deploys biometrics. Everything is handled within Microsoft Edge.

Related: Windows 10 free upgrade

In order to start using a hardware key, you must be using the Windows 10 October 2018 update. Microsoft advises you visit the Edge browser and sign in as normal. You can then select Security, “more security options” and then select “Windows Hello and security keys”.

After configuration, the next time you sign in you’ll see “more options” and will have the opportunity to use a security key. Those users with Windows Hello facial recognition, there’s also the ability to login without a username and password.

“Microsoft is the first company to support password-less authentication using the FIDO2 WebAuthn and CTAP2 specifications, and Microsoft Edge supports the widest array of authenticators compared to other major browsers,” Alex Simons, VP of program management at Microsoft Identity Division said on Tuesday.

“Passwords are bad for the planet. They’re bad for people. They’re the easiest way for attackers to get in, and in the case of account takeovers, they’re even a way to force people out,” said Microsoft VP of security Rob Lefferts added.

Have you already snapped up a security key? Let us know how you get on with the Windows 10 set-up @TrustedReviews on Twitter.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.