How to set up a security key for your Microsoft Account
Microsoft introduced password-less sign-in functionality in the Microsoft Edge browser in the October 2018 Update for Windows 10.
The new security feature unlocks options to sign in to Microsoft services without having to enter a password; the functionality is restricted to Microsoft Edge currently and to services by Microsoft such as OneDrive, the Microsoft Store, Outlook, or Skype.
Microsoft Edge supports two main password-less authentication methods: Windows Hello or FIDO2-based.
Windows Hello is not a new service; Windows 10 users may use it to sign in to their accounts on devices running Windows 10. Support is extended to Microsoft Edge in Windows 10 version 1809 to enable password-less sign-ins using Windows Hello.
Microsoft added support for FIDO2-based security keys in the new feature update as well. Windows users may use a security key, e.g. from Yubico or Feitian Technology, to sign-in to Microsoft Accounts in Microsoft Edge. The list of features that security keys need to support is listed on the Microsoft Docs website.
FIDO2-based security keys may be plugged into USB ports of Windows 10 devices.
Setting up the new authentication options
Information on setting up a security key or Windows Hello to sign-in to Microsoft services in Microsoft Edge is not provided by Microsoft in the announcement itself on the Windows blog, but you find instructions on the Microsoft 365 blog.
Here is how you set up the new security feature:
- Open the following link in Microsoft Edge: https://account.live.com/proofs/manage/additional?mkt=en-US&refd=account.microsoft.com&refp=security
- Note: you can open the link in another browser but may get the message that "Your browser or operating system does not support this".
- You may be asked to sign in to your Microsoft Account.
- Scroll down to the Windows Hello and security keys section on the page.
- Select "Set up a security key" if you want to use a FIDO2-based security key for sign-ins using Edge.
- Select "Set up Windows Hello" if you want to use Windows Hello for that instead.
- You may be asked to sign in to the Microsoft Account (again).
- Follow the instructions from this point forward to set up your preferred sign in method in Edge.
Microsoft displays instructions on the next page. If you selected to set up a security key, Microsoft explains that you either need to plug it in and press the gold circle on the device if it is connected via USB, or hold it close to the NFC reader and press the gold circle button if it is using NFC.
Connect the security key when asked to do so and follow the on-screen instructions to complete setup. You may use the new authentication method from that moment on when signing in to Microsoft services using the Edge browser.
When you sign-in the next time in Microsoft Edge, select More Options > Use a security key to use it to sign-in.
Microsoft believes that the password era is coming to an end and that password-less authentication methods such as Windows Hello or by using security keys are the way to go forward.
The functionality is quite limited at this point in time as it supports only Microsoft online services and requires that users use Microsoft Edge.
Some password managers, for example Last Pass, support security keys as well. We reviewed the first Yubico device in 2010.
Microsoft plans to introduce the same authentication functionality for work and school accounts in Azure Active Directory next year.
Now You: what is your preferred sign-in method?Advertisement