Microsoft announces password-less sign-in for your MSA account using Windows Hello or Security Key

If you are using Windows 10 October 2018 Update (version 1809), Microsoft Edge now supports password less authentication to sign-in to MSA accounts using WebAuthn and FIDO2 specifications. This makes Microsoft the first company to support password free authentication.

Let's discuss about password-less authentication and how to configure your Microsoft account to sign-in using Windows Hello and/or Security Keys.

What is WebAuthn?

WebAuthn is a password free sign-in standard, which enables sign-in to websites using biometrics. This could be using Windows Hello (face recognition, fingerprint reader or PIN) or using FIDO2 compliant Security Keys. Point to note that, WebAuthn is also being supported by major browsers like Google Chrome and Mozilla Firefox.

Alex Simons, the Corporate Vice President of Program Management at Microsoft Identity Division, in a blog post mentioned that "Microsoft is the first Fortune 500 company to support password-less authentication using the the WebAuthn and FIDO2 specifications, and Microsoft Edge supports the widest array of authenticators compared to other major browsers.".

What is Windows Hello?

Windows Hello is a more personal way to sign-in to your device or your account on the web using your fingerprint, face or a secure PIN. This helps you to log-in to your account without having to type in a password.

What is FIDO2 compliant Security Key?

FIDO2 compliant Security Key is a physical device that you can use to sign-in to your account without using your username and password. Using of Security Keys are more secure as it's been used in addition to a biometric authentication. If anyone get your security key, they won't be able to sign-in without the PIN or fingerprint that you have already configured.

You can purchase security keys from retailers. Yubico's YubiKey and the Feitian BioPass key are some examples of FIDO2 compliant security keys.

How to configure Microsoft Account to sign-in with Windows Hello?

If you are on Windows 10 October 2018 Update, follow these steps to set up Windows Hello and then sign in to your Microsoft account in Microsoft Edge:

1. Open your Windows 10 Settings app.
2. Navigate to Accounts | Sign-in options.
3. Under the Windows Hello section, select Set up to configure your Windows Hello (if not done already).
4. Next time when you would like to sign-in to Microsoft site on Microsoft Edge browser, select More Options | Use Windows Hello or a security key to sign-in using Windows Hello.

How to configure Microsoft Account to sign-in with Security Keys?

If you are on Windows 10 October 2018 Update, follow these steps to configure Microsoft Account to sign-in with Security Keys:

1. Open Microsoft Edge and navigate to the Microsoft account page to sign in as you normally would.
2. Now navigate to Security | More security options. Under Windows Hello and security keys, follow the instructions for setting up the security key.
3. Next time when you would like to sign-in to Microsoft site on Microsoft Edge browser, select More Options | Use a security key to sign-in using FIDO2 compliant security key device.