10 Reasons to Love Passwordless #2: NIST Compliance

Published Feb 05 2021 03:00 PM
Microsoft

Hello

 

This is the second post in the “Ten Reasons to Love Passwordless” blog series. Last time, we talked about the flexibility and multi-platform benefits of FIDO2 open-standards-based technology. The second reason to love passwordless is that it brings the highest levels of security to your organization. Passwordless multifactor authentication (MFA) eliminates the need to memorize passwords and, as such, makes it 99.9% harder to compromise an account. Using the built-in crypto keys in your software or hardware from passwordless solutions, you get security assurance that meets the highest standards. Helping our customers achieve these MFA goals is music to my ears!

 

Security assurance with NIST (800-63) 

Let’s start with the National Institute of Standards and Technology (NIST), which develops the technical requirements for US federal agencies implementing identity solutions. NIST’s 800-63 Digital Identity Guidelines Authentication Assurance Levels (AAL) is a mature framework used by federal agencies, organizations working with federal agencies, healthcare, defense, finance, and other industry associations around the world as a baseline for a more secure identity and access management (IAM) approach. How do passwordless and multifactor authentication align with NIST’s requirements? And how can the required AALs be met?

 

Before diving into the details, let us align some terminology: 

  • Authentication - The process of verifying the identity of a subject. 
  • Authentication factor - Something you know, something you have, or something you are. Every authenticator has one or more authentication factors.
  • Authenticator - Something the subject possesses and controls that is used to authenticate the subject’s identity. 

 

Multifactor Authentication 

Multifactor authentication can be achieved either with a multifactor authenticator or with a combination of multiple single-factor authenticators. A multifactor authenticator requires two authentication factors to execute a single authentication transaction.

 

Multifactor authentication using two single factor authenticators 

The illustration below shows how multifactor authentication can be performed using a memorized secret (something you know) authenticator along with an out-of-band (something you have) authenticator. The user performs two independent authentication transactions with Azure AD.


[Illustration: multifactor authentication using two single factor authenticators]

 

Multifactor authentication using a single multifactor authenticator 

The illustration below shows how multifactor authentication is performed using a single multifactor cryptographic authenticator, which requires one authentication factor (something you know or something you are) to unlock a second authentication factor (something you have). The user performs a single authentication transaction with Azure AD.

 

[Illustration: multifactor authentication using a single multifactor authenticator]
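The single-transaction flow described above, as an added example that is not from the original post and is not Microsoft's implementation: a Go model of a multi-factor cryptographic software authenticator in which the PIN (something you know) opens a sealed P-256 private key (something you have), and the verifier sees only a signature over its challenge. The type and function names, the PIN, the challenge, the iteration count and the PBKDF2 plus AES-GCM sealing scheme are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

const iterations = 100000 // assumed PBKDF2 work factor for this example

// ErrLocked is returned when the PIN does not open the sealed private key.
var ErrLocked = errors.New("authenticator locked: wrong PIN")

// Authenticator models a multi-factor cryptographic software authenticator: the
// private key (something you have) opens only with the PIN (something you know).
type Authenticator struct {
	salt, nonce, sealed []byte
	Public              *ecdsa.PublicKey // registered with the verifier at enrollment
}

// sealer derives an AES-256-GCM key from the PIN with PBKDF2-HMAC-SHA256 (one
// 32-byte block). A 32-byte AES key is always valid, so the errors are dropped.
func sealer(pin string, salt []byte) cipher.AEAD {
	mac := hmac.New(sha256.New, []byte(pin))
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // PBKDF2 block index 1
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j]
		}
	}
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead
}

// Enroll creates a P-256 key pair and seals the private key under the PIN.
func Enroll(pin string) (*Authenticator, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return nil, err
	}
	random := make([]byte, 28) // 16-byte salt followed by a 12-byte GCM nonce
	if _, err := rand.Read(random); err != nil {
		return nil, err
	}
	a := &Authenticator{salt: random[:16], nonce: random[16:], Public: &priv.PublicKey}
	a.sealed = sealer(pin, a.salt).Seal(nil, a.nonce, der, nil)
	return a, nil
}

// Sign is the single authentication transaction: the PIN unlocks the key
// locally, and only the signature over the challenge leaves the authenticator.
func (a *Authenticator) Sign(pin string, challenge []byte) ([]byte, error) {
	der, err := sealer(pin, a.salt).Open(nil, a.nonce, a.sealed, nil)
	if err != nil {
		return nil, ErrLocked
	}
	priv, err := x509.ParseECPrivateKey(der)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify is the verifier's check; it holds only the public key, never the PIN.
func Verify(pub *ecdsa.PublicKey, challenge, sig []byte) bool {
	digest := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	a, err := Enroll("493817") // constructed PIN
	if err != nil {
		panic(err)
	}
	challenge := []byte("constructed-verifier-nonce-0001")
	sig, err := a.Sign("493817", challenge)
	fmt.Println("correct PIN verifies:", err == nil && Verify(a.Public, challenge, sig))
	_, err = a.Sign("000000", challenge)
	fmt.Println("wrong PIN:", err)
}
```

A hardware authenticator differs in that the private key is held in a TPM or secure element rather than sealed under a PIN-derived key; the verifier-side check is the same.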

 

Microsoft Passwordless Authenticators mapped to NIST 800-63 AALs 

Microsoft passwordless authenticators allow multifactor authentication using a single authenticator and eliminate the dependency on the memorized secret (password) authenticator and the associated password attacks (see Your Pa$$word doesn’t matter).

 

| Authentication method | NIST Authenticator type | AAL |
|---|---|---|
| Windows Hello for Business | Multi-factor cryptographic hardware (with TPM) | AAL3 |
| Windows Hello for Business | Multi-factor cryptographic software (without TPM) | AAL2 |
| Microsoft Authenticator app | Multi-factor cryptographic hardware (Android) | AAL2 |
| Microsoft Authenticator app | Multi-factor cryptographic software (iOS) | AAL2 |
| FIDO2 security keys* | Multi-factor cryptographic hardware | AAL3 |

*FIDO2 Security Key partners such as Feitian, Thales (formerly Gemalto), TrustKey (formerly eWBM), and Yubico are in the process of certifying their FIDO2 security keys with FIPS 140.

 

Federal agencies, organizations working with federal agencies, and organizations in regulated industries seeking Federal Information Processing Standards 140 (FIPS 140) verification are advised to reference Achieving National Institute of Standards and Technology Authenticator Assurance Levels with the Mic... and conduct a risk assessment and evaluation before accepting these authenticators as AAL2/3.

 

 

tional%20Institute%20of%20Standards%20and%20Technology%20Authenticator%20Assurance%20Levels%20with%20the%20Microsoft%20Identity%20Platform%3C%2FSPAN%3E%3C%2FA%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3Band%20conduct%20risk%20assessment%20and%20evaluation%20before%20accepting%20these%20authenticators%20as%20AAL2%2F3.%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559685%26quot%3B%3A360%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A259%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559685%26quot%3B%3A360%2C%26quot%3B335559739%26quot%3B%3A60%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3ECheck%20out%20the%20other%20posts%20in%20this%20series%3A%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FTAPpreview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ETemporary%20Access%20Pass%20is%20now%20in%20preview%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fidentity-standards-blog%2Fwhat-s-new-in-passwordless-standards-2021-edition%2Fba-p%2F2124136%22%20target%3D%22_self%22%3EWhat's%20New%20in%20Passwordless%20Standards%2C%202021%20edition!%3C%2FA%3E%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E10%20Reasons%20to%20Love%20Passwordless%20%231%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2F10-reasons-to-love-passwordless-1-fido-rocks%2Fba-p%2F2111918%22%20target%3D%22_blank%22%3EFIDO%20Rocks%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E10%20Reasons%20to%20Love%20Passwordless%20%232%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2F10-reasons-to-love-passwordless-2-nist-compliance%2Fba-
p%2F2115725%22%20target%3D%22_blank%22%3ENIST%20Compliance%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E10%20Reasons%20to%20Love%20Passwordless%20%233%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CFONT%20size%3D%223%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2F10-reasons-to-love-passwordless-3-why-biometrics-and%2Fba-p%2F1751769%22%20target%3D%22_self%22%3EWhy%20biometrics%20and%20passwordless%20are%20a%20dream%20combination%3C%2FA%3E%3C%2FFONT%3E%3C%2FLI%3E%0A%3CLI%3E10%20Reasons%20to%20Love%20Passwordless%20%234%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2F10-reasons-to-love-passwordless-4-secure-your-digital-estate%2Fba-p%2F2115724%22%20target%3D%22_self%22%3ESecure%20your%20digital%20estate%2C%20while%20securing%20your%20bottom%20line%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E10%20Reasons%20to%20Love%20Passwordless%20%235%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2F10-reasons-to-love-passwordless-5-the-ease-of-use-and%2Fba-p%2F2115717%22%20target%3D%22_self%22%3EThe%20Ease%20of%20Use%20and%20Portability%20of%20Security%20Keys%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E10%20Reasons%20to%20Love%20Passwordless%20%236%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2F10-reasons-to-love-passwordless-6-the-passwordless-funnel%2Fba-p%2F2144513%22%20target%3D%22_self%22%3EThe%20Passwordless%20Funnel%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E10%20Reasons%20to%20Love%20Passwordless%20%237%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2F10-reasons-to-love-passwordless-7-authenticator-app-for-easy%2Fba-p%2F1751773%22%20target%3D%22_self%22%3EAuthenticator%20app%20for%20easy%20phone%20sign%20in%3C%2FA%3E%26nbsp%3B%3C%2FLI%3E
%0A%3CLI%3E10%20Reasons%20to%20Love%20Passwordless%20%238%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2F10-reasons-to-love-passwordless-8-you-won-t-get-phished%2Fba-p%2F2147056%22%20target%3D%22_self%22%3EYou%20won't%20get%20phished!%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E10%20Reasons%20to%20Love%20Passwordless%20%239%3A%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2F10-reasons-to-love-passwordless-9-onboard-without-a-password%2Fba-p%2F1751774%22%20target%3D%22_self%22%3EOnboard%20without%20a%20password%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E10%20Reasons%20to%20Love%20Passwordless%20%2310%3A%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2F10-reasons-to-love-passwordless-10-never-use-a-password%2Fba-p%2F2111909%22%20target%3D%22_self%22%3ENever%20use%20a%20password%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CI%3E%3CSPAN%20data-contrast%3D%22auto%22%3ELearn%20more%20about%20Microsoft%20identity%3A%3C%2FSPAN%3E%3C%2FI%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559685%26quot%3B%3A360%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%20data-leveltext%3D%22%EF%82%B7%22%20data-font%3D%22Symbol%22%20data-listid%3D%2214%22%20aria-setsize%3D%22-1%22%20data-aria-posinset%3D%221%22%20data-aria-level%3D%221%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22auto%22%3EReturn%20to%20the%26nbsp%3B%3C%2FSPAN%3E%3C%2FI%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fbg-p%2FIdentity%22%20target%3D%22_blank%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3EAzure%20Active%20Directory%20Identity%20blog%20home%3C%2FSPAN%3E%3C%2FI%3E%3C%2FA%3E%3CSPAN%20data-ccp-props%3D%22%7B%26q
uot%3B134233279%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%20data-leveltext%3D%22%EF%82%B7%22%20data-font%3D%22Symbol%22%20data-listid%3D%2214%22%20aria-setsize%3D%22-1%22%20data-aria-posinset%3D%222%22%20data-aria-level%3D%221%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22auto%22%3EJoin%20the%20conversation%20on%26nbsp%3B%3C%2FSPAN%3E%3C%2FI%3E%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Fazuread%2Fstatus%2F1278418103903363074%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3ETwitter%3C%2FSPAN%3E%3C%2FI%3E%3C%2FA%3E%3CI%3E%3CSPAN%20data-contrast%3D%22auto%22%3E%26nbsp%3Band%26nbsp%3B%3C%2FSPAN%3E%3C%2FI%3E%3CA%20href%3D%22https%3A%2F%2Fwww.linkedin.com%2Fshowcase%2Fmicrosoft-security%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3ELinkedIn%3C%2FSPAN%3E%3C%2FI%3E%3C%2FA%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233279%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A160%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%20data-leveltext%3D%22%EF%82%B7%22%20data-font%3D%22Symbol%22%20data-listid%3D%2214%22%20aria-setsize%3D%22-1%22%20data-aria-posinset%3D%223%22%20data-aria-level%3D%221%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22auto%22%3EShare%20product%20suggestions%20on%20the%26nbsp%3B%3C%2FSPAN%3E%3C%2FI%3E%3CA%20href%3D%22https%3A%2F%2Ffeedback.azure.com%2Fforums%2F169401-azure-active-directory%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3E%3CI%3E%3CSPAN%20data-contrast%3D%22none%22%3EAzure%20Feedback%20Forum%3C%2FSPAN%3E%3C%2FI%3E%3C%2FA%3E%3CSPAN%20data-ccp-props%3D%22%7B%26quot%3B134233279%26quot%3B%3Atrue%2C%26quot%3B201341983%26quot%3B%3A0%2C%26quot%3B335559739%26quot%3B%3A1
60%2C%26quot%3B335559740%26quot%3B%3A240%7D%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2115725%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22TextRun%20%20BCX8%20SCXW129005983%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20%20BCX8%20SCXW129005983%22%20data-ccp-charstyle%3D%22Heading%202%20Char%22%3ELearn%20how%20u%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22TextRun%20%20BCX8%20SCXW129005983%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20%20BCX8%20SCXW129005983%22%20data-ccp-charstyle%3D%22Heading%202%20Char%22%3Esing%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20SpellingErrorV2%20%20BCX8%20SCXW129005983%22%20data-ccp-charstyle%3D%22Heading%202%20Char%22%3Epasswordless%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20%20BCX8%20SCXW129005983%22%20data-ccp-charstyle%3D%22Heading%202%20Char%22%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eauthentication%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22TextRun%20%20BCX8%20SCXW129005983%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20%20BCX8%20SCXW129005983%22%20data-ccp-charstyle%3D%22Heading%202%20Char%22%3Ehelps%20you%20adhere%20t%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22TextRun%20%20BCX8%20SCXW129005983%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20%20BCX8%20SCXW129005983%22%20data-ccp-charstyle%3D%22Heading%202%20Char%22%3Eo%20NIST%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22TextRun%20%20BCX8%20SCXW129005983%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20%20BCX8%20SCXW129005983%22%20data-ccp-charstyle%3D%22Heading%202%20Char%22%3EAuthentication%20Assurance%20Levels%20(AAL)%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22TextRun%20%20BCX8%20SCXW129005983%22%20data-contrast%3D%22none%22%3E%3CSPAN%20cl
ass%3D%22NormalTextRun%20%20BCX8%20SCXW129005983%22%20data-ccp-charstyle%3D%22Heading%202%20Char%22%3Eand%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22TextRun%20%20BCX8%20SCXW129005983%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20%20BCX8%20SCXW129005983%22%20data-ccp-charstyle%3D%22Heading%202%20Char%22%3Eachieve%20a%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22TextRun%20%20BCX8%20SCXW129005983%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20%20BCX8%20SCXW129005983%22%20data-ccp-charstyle%3D%22Heading%202%20Char%22%3Emore%20secure%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22NormalTextRun%20ContextualSpellingAndGrammarErrorV2%20%20BCX8%20SCXW129005983%22%20data-ccp-charstyle%3D%22Heading%202%20Char%22%3Eauthentication%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22TextRun%20%20BCX8%20SCXW129005983%22%20data-contrast%3D%22none%22%3E%3CSPAN%20class%3D%22NormalTextRun%20ContextualSpellingAndGrammarErrorV2%20%20BCX8%20SCXW129005983%22%20data-ccp-charstyle%3D%22Heading%202%20Char%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%224.png%22%20style%3D%22width%3A%20516px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F252826i74EC80FDCD023DC4%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%224.png%22%20alt%3D%224.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Version history
Last update: Aug 19 2021 04:22 PM
Updated by: