You can now sign into your Microsoft account using hardware-based security keys

[Matrix]

 

 

Microsoft has been trying to kill off the password as we know it for some time now, and it's finally achieved that goal across its own suite of services - well, sort of. While using a password will undoubtedly remain a sign-in option for the foreseeable future, Microsoft now offers several solid alternatives to its users.

Windows Hello, which uses facial recognition to sign you into your account, is one example, but now users can take advantage of an even more secure login method: hardware-based security keys.

You're free to use any security key you'd like -- as long as it supports the FIDO2 authentication standard -- but Yubico's YubiKey device line-up has a few particularly affordable options. The $20 "Security Key" is a good way to get started if you don't want to shell out too much cash.

Regardless of which device you buy, you'll be able to use it across a wide variety of Microsoft services, including Outlook, Skype, OneDrive, Xbox Live, and even Windows itself.

If you want to take advantage of the new sign-in option, there are two catches to be aware of. First, your machine will need to be running the bug-ridden Windows 10 "October" update, and second, you must use the company's Edge browser to log in to the previously-mentioned services.

 

source

[nir]

How to Log In to a Microsoft Account with a Security Key or Windows Hello

Microsoft brings Windows Hello to Microsoft Accounts

As the world’s largest software company, Microsoft has been one of the pioneers of a world without passwords, providing users with a series of alternatives, including facial and fingerprint scanning.

Called Windows Hello, the biometric authentication tool developed by Microsoft was launched in 2015 and was even offered on the company’s Windows phones.

Lumia 950 XL, for example, which debuted in late 2015, was one of the first phones with such features, and as we know already, facial recognition is now becoming a common security system on high-end phones running Android and iOS.

Since then, however, Windows Hello received occasional updates, and Microsoft has constantly pushed for more users to embrace it. The latest-generation laptops all come with some sort of authentication system, and with a recent update, the software giant pushes its efforts even further.

Microsoft is bringing Windows Hello to the Microsoft Account, which means that you can log in to your favorite Microsoft services on the web without using a password.

For instance, if you want to browse your files stored in the cloud and log in to OneDrive, you no longer have to provide your password, but only have your face scanned by Windows Hello.

Needless to say, this feature needs to be configured because it’s not enabled by default. And before everything, here’s what you’re going to need:

Windows 10 version 1809 (October 2018 Update) Windows Hello-capable device with fingerprint reader or facial recognition Microsoft-compatible security key (Yubico or Feitian) Microsoft Edge browser

Basically, Windows Hello can only be used to authenticate to Microsoft services on Windows 10 version 1809 when Microsoft Edge browser is being used.

To enable this new feature, you must first sign in to your Microsoft Account on this official Microsoft page. On your account dashboard, you need to follow the next path:

Security > More security options > Sign in (if necessary) > Windows Hello and security keys > Manage your sign-in methods

If you aren’t running the latest Windows 10 and Microsoft Edge versions, or in case your computer isn’t compatible with Windows Hello (e.g. does not have the necessary hardware), you should see a message reading:

Your browser or operating system does not support this

Next, you need to set up a security key and follow the wizard to configure your key – you need to choose between USB and NFC. You’ll also be prompted to insert your key and tap it, then create a backup PIN, input a name for the key, and then save the settings.

The next time you want to sign in to a Microsoft service, instead of providing your password, click the option that reads Use Windows Hello or security key.

If the feature has been configured correctly, Windows Hello should then be enabled to scan your face or the security key should be used to perform a check and let you sign in.

As an alternative, I also recommend you to set up the official Microsoft Authenticator app for Android and iOS. After you configure your account within the app, every time you attempt log in to a Microsoft service from a new browser or computer, you are prompted to approve the authentication on your mobile device, all without providing your password.

This is a solution that comes in handy particularly to those who don’t have a Windows Hello-capable computer but instead keep their mobile phone around most of the time.

And of course, if you just want to use the old-fashioned password method, just make sure you choose a more complex password and you enable two-factor authentication.

Source