Forum Discussion
Chris-Yue (Iron Contributor)
Jun 01, 2021
Managing PIN complexity on FIDO Security Keys
I have FIDO2 security keys working as part of Windows Hello for Business login to Windows 10 devices.
Whilst I can set PIN complexity as part of the user gesture PIN code, I don't seem to be able to do this when FIDO2 keys are used.
I am using the on KEY-ID ones that require a PIN followed by a button press on the key to confirm physical presence.
Can anyone advise in this regard?
- SorenSonnichsen225 (Copper Contributor): Hi, we have exactly the same issue, we would like to use FIDO2 keys, but the PIN security is way too bad for our security department.
  Does anyone at Microsoft have an answer?
- Jan Bakker (Iron Contributor): FIDO2 standard does not use complexity by default.
  So 1111 and 1234 are allowed.
- SorenSonnichsen225 (Copper Contributor): Hi Jan
  Yes, and that is exactly the issue.
  Do you know whether it is possible to apply/force complexity rules to FIDO2 devices?
- Emin Huseynov (Brass Contributor): You cannot manage as such, but you can choose the devices with enforced PIN complexity. The only ones enforcing PIN complexity are the PIN+ Series from Token2. Sales start in September 2023.
  https://www.token2.swiss/site/page/blog?p=posts/70
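
The point made in the replies above, as an added example that is not part of the thread: the CTAP2 baseline PIN rule is length-only (at least 4 Unicode code points, at most 63 UTF-8 bytes), so 1111 and 1234 pass it. The stricter policy in `complexity_violations` and its `min_len` default are hypothetical, written for illustration, and are not Token2's or any other vendor's rule set.

```python
import unicodedata

# CTAP2 baseline limits on a client PIN: a length rule only,
# with no requirement on which characters are used.
CTAP2_MIN_CODE_POINTS = 4
CTAP2_MAX_UTF8_BYTES = 63


def ctap2_baseline_ok(pin: str) -> bool:
    """Length-only check: 4+ code points, at most 63 bytes as UTF-8 (NFC)."""
    pin = unicodedata.normalize("NFC", pin)
    return (len(pin) >= CTAP2_MIN_CODE_POINTS
            and len(pin.encode("utf-8")) <= CTAP2_MAX_UTF8_BYTES)


def complexity_violations(pin: str, min_len: int = 6) -> list:
    """Hypothetical stricter policy (an assumption, not a vendor's rules).

    Returns the list of rules the PIN breaks; an empty list means it passes.
    """
    pin = unicodedata.normalize("NFC", pin)
    problems = []
    if not ctap2_baseline_ok(pin):
        problems.append("fails CTAP2 length limits")
    if len(pin) < min_len:
        problems.append(f"shorter than {min_len}")
    if pin and len(set(pin)) == 1:
        problems.append("single repeated character")
    # Step between neighbouring code points: all +1 or all -1 is a plain run.
    steps = {ord(b) - ord(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        problems.append("ascending or descending sequence")
    return problems


def audit(pins):
    """Map each candidate PIN to (passes baseline, policy violations)."""
    return {p: (ctap2_baseline_ok(p), complexity_violations(p)) for p in pins}


if __name__ == "__main__":
    # Constructed sample PINs, including the two named in the thread.
    for pin, (ok, problems) in audit(["1111", "1234", "654321", "7294Kd"]).items():
        print(f"{pin!r}: baseline={'ok' if ok else 'reject'} policy={problems or 'ok'}")
```
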