cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Managing PIN complexity on FIDO Security Keys

Chris Yue
Iron Contributor

‎Jun 01 2021 07:33 AM

‎Jun 01 2021 07:33 AM

Managing PIN complexity on FIDO Security Keys

I have FIDO2 security keys working as part of Windows Hello for Business login to Windows 10 devices.

 

Whilst I can set PIN complexity as part of the user gesture PIN code, I don't seem to be able to do this when FIDO2 keys are used.

 

I am using the on KEY-ID ones that requires a PIN followed by a button press on the key to confirm physical presence.

 

Can anyone advise in this regard?

Labels:
5,478 Views
0 Likes
6 Replies
Reply
6 Replies
SorenSonnichsen225

‎Feb 21 2022 12:25 AM

‎Feb 21 2022 12:25 AM

Re: Managing PIN complexity on FIDO Security Keys

Hi, we have the exactly same issue, we would like to use FIDO2 keys, but the PIN security is way to bad for our security department.
Does anyone at Microsoft have an answer?
0 Likes
Reply
Jan Bakker

‎Feb 23 2022 03:07 AM

‎Feb 23 2022 03:07 AM

Re: Managing PIN complexity on FIDO Security Keys

FIDO2 standard does not use complexity by default.
So 1111 and 1234 are allowed.

0 Likes
Reply
SorenSonnichsen225

‎Feb 23 2022 03:52 AM

‎Feb 23 2022 03:52 AM

Re: Managing PIN complexity on FIDO Security Keys

Hi Jan
Yes, and that is exactly the issue.
Do you know whether it is possible to apply/force complexity rules to FIDO2 devices?
0 Likes
Reply
Jan Bakker

‎Feb 26 2022 10:20 PM

‎Feb 26 2022 10:20 PM

Re: Managing PIN complexity on FIDO Security Keys

Unfortunately not.

But check out this key: https://janbakker.tech/this-might-be-the-fido2-key-for-you-authentrend-atkey-pro/

You can do offline enrollment of the fingerprint, so a user is never prompted to configure a PIN. If you’re interested, please ping me on socials for a free sample.
0 Likes
Reply
Kalimanne J

‎Mar 09 2022 05:32 PM

‎Mar 09 2022 05:32 PM

Re: Managing PIN complexity on FIDO Security Keys

Then what happens if the user’s fingerprint fails to be read for any reason such as wet hands?
The FIDO2 keys generally fail over to the PIN after some number of biometric fails and they won’t know the PIN.
0 Likes
Reply
Emin Huseynov

‎Jul 12 2023 06:30 AM

‎Jul 12 2023 06:30 AM

Re: Managing PIN complexity on FIDO Security Keys

You cannot manage as such, but you can choose the devices with enforced PIN complexity. The only ones enforcing PIN complexity are the PIN+ Series from Token2. Sales start in September 2023

https://www.token2.swiss/site/page/blog?p=posts/70
0 Likes
Reply