With the FIDO2 certification of Windows Hello, Microsoft is putting the 800 million people who use Windows 10 one step closer to a world without passwords.

No one likes passwords (except hackers). People don’t like passwords because we have to remember them. As a result, we often create passwords that are easy to guess—which makes them the first target for hackers trying to access your computer or network at work.

Since 2015, Microsoft has been building a path to a secure and passwordless world with Windows Hello, enabling Windows 10 users everywhere to sign in to their devices using biometrics or a PIN and leave the world of passwords behind. Continuing this momentum, Microsoft announced in November of 2018 the ability to use Windows Hello or a FIDO2 security key to securely sign in to your Microsoft account on the web, without a password!

Today, the FIDO Alliance announced that, with the upcoming release of Windows 10, version 1903, Windows Hello is a FIDO2 Certified authenticator. FIDO2 enables developers to leverage standards-based protocols and devices to provide users easy authentication to online services—in both mobile and desktop environments. Microsoft is a leading member of the FIDO Alliance and is working closely with alliance members to enable passwordless login for websites supporting FIDO2 authentication. Collectively, these standards enable users to more easily and securely login to online services with FIDO2-compliant security keys and Windows Hello.

Every month, more than 800 million people use a Microsoft account to access email, play a game, or access files in the cloud. That’s why, in addition to FIDO2 certification, Windows 10, version 1903 will enable users of the latest version of Mozilla Firefox to log in to their Microsoft account or other FIDO-supporting websites. Chromium-based browsers, including Microsoft Edge on Chromium, will support the same capability soon.

We encourage companies and software developers to adopt a strategy for achieving a passwordless future and start today by supporting password alternatives—such as Windows Hello—for their users. For more details on deploying Windows Hello, see www.aka.ms/whfb.

To support secure authentication on shared Windows 10 PCs, such as those used by Firstline Workers, FIDO2 compliant Microsoft-compatible security keys offer a portable solution that enables users to log in to Windows 10 without a password. Learn more about this scenario by reading Windows Hello and FIDO2 Security Keys enable secure and easy authentication for shared devices.

Finally, Microsoft Authenticator can enable users to authenticate their Microsoft accounts using their mobile phones. Built on secure technology similar to Windows Hello, Microsoft Authenticator packages authentication into a simple app on your mobile device.

Windows Hello, FIDO2 security keys, and the mobile Microsoft Authenticator app are great alternatives to passwords. To truly create a world without passwords; however, we need interoperable solutions that work across all industry platforms and browsers. We will continue to invest in this space and look forward to sharing future updates. In the meantime, if you’re a developer, you can help by supporting FIDO2 authentication in your web services and applications today.



Occasional Contributor

When are you going to allow migration of Microsoft Authenticator codes?  For instance, moving codes from Windows Phone to a Droid (or Droid to new Droid?).  It takes one mishap for all codes stored on the device to hose your 2FA.


It's good to hear about the improvements regarding passwords, but 2FA is in the field now and your current design puts users at risk, or at the minimum, extreme inconvenience to copy codes over one by one (each with their own process).

Occasional Visitor

Sounds like the ushering in of a dystopian future. What company will be warehousing the biometric data? Will users in the future be allowed to use the OS without biometrics? Does Microsoft support respecting user privacy over convenience disguised as security? Is this a grab for biometric data at its core?

Occasional Visitor

This is great news.  When will Windows 10 support the Passwordless function in the Auth App for windows Login tied to my corporate azure ad account?  I realize that WHB can use Pin and Biometrics data but we are looking for a seperate device MFA function.  To work similar to Azure AD account passwordless access.

I could procure a token solution but I am already utilizing the Auth App and conditional access controls for Application security.



Frequent Contributor

@Yogesh Mehta Great news! Does this means that I now can enable login with for example Yubcio hardware tokens on an Azure AD Joined Windows 10 1903?


For those who are asking about AzureAD - Fido2 support for AzureAD is starting in private preview (June 2019).


Regarding your older hardware keys - if they are FIDO2  then sure, but likely you have something older than Fido2. In which case your options haven't changed. 


I just got a Fido2 USB+Fingerprint key that I'm hoping to test with soon..





Frequent Contributor

I’ve heard public preview is coming at least during 2019 - I hope so too.


@Neil Goldstein Out of interest, which key do you have which also has fingerprint?