Chris-Yue
Iron Contributor
Jun 01, 2021

Managing PIN complexity on FIDO Security Keys

I have FIDO2 security keys working as part of Windows Hello for Business login to Windows 10 devices.

Whilst I can set PIN complexity as part of the user gesture PIN code, I don't seem to be able to do this when FIDO2 keys are used.

I am using the KEY-ID ones that require a PIN followed by a button press on the key to confirm physical presence.

Can anyone advise in this regard?

  • Hi, we have exactly the same issue, we would like to use FIDO2 keys, but the PIN security is way too bad for our security department.
    Does anyone at Microsoft have an answer?
    • Jan Bakker
      Iron Contributor
      FIDO2 standard does not use complexity by default.
      So 1111 and 1234 are allowed.

      • SorenSonnichsen225
        Copper Contributor
        Hi Jan
        Yes, and that is exactly the issue.
        Do you know whether it is possible to apply/force complexity rules to FIDO2 devices?
