May 12 2021 10:50 AM
I am trying to pilot using FIDO2 hardware keys for MFA with Office 365. I see the option to add a hardware key in my Office 365 account security options. After inserting my hardware key, I get a message in Microsoft Edge that says "PIN required - Enter the PIN for your security key". This is a Yubikey, and it is not currently registered as an authentication method on my account. I don't have a PIN for it. Why am I being asked for this? I want to use this key my MFA authentication method, replacing my usual method of a mobile phone authenticator app.
May 29 2021 11:49 PM
Jun 01 2021 05:15 AM
@Joe Stocker Thank you for your reply. That's good to know, and that does answer my question.
That's unfortunate as my ideal configuration would be multi-factor with just password (something I know) and a hardware key (something I have) (so no third factor - no PIN), which is more consistent with the way most of the other services I use have implemented FIDO keys.
Thanks again for your help.
Sep 15 2022 04:48 PM
I too feel the PIN is not necessary for 2FA as the password is the first factor and the presence of the key is the second factor.
It would be nice if things could be configured this way. Perhaps I am missing something -- if so, can someone enlighten me?
I have a YubiKey 5 nano and a YubiKey 5C NFC.