M
MikeIndiaKiloEcho
Hi. Been using Windows 10 ever since it came out. Windows Hello with YubiKey 4 never had a problem. All updates to 1903 were fine but then, recently I upgraded to 1909 because someone suggested that might fix an issue I had with Your Phone companion.
Now, Windows Hello no longer works with YubiKey 4. Windows security key sign-In management refuses to recognize that its a valid security key.
To eliminate the possibility that the key has somehow gone bad, I jumped onto the Yubico website and downloaded Yubico Client for Windows and the key is recognized fine and validated working with that client. I would have stuck with that client but it doesn't have the convenience of Windows Hello.
After uninstalling the Yubico client, I went about to try a standard Yubico Security Key. This worked fine.
I am now suspecting that Microsoft has removed support for FIDO U2F from Windows Hello security key functionality and replaced it with a FIDO2 implementation (instead of supporting both) because that is the only significant difference. YubiKey 4 also supports a number of other authentication standards such as OTP, OAUTH, OpenPGP, smart cards, etc which the Yubico Security Key does not support but I don't believe Windows Hello implements these capabilities in security keys.
Can anyone confirm? It just means I have to buy a YubiKey 5 with FIDO2 support but its a real pain for Microsoft to simply dump support for FIDO U2F when a year or two ago, it was considered the mainstream security 2nd factor key implementation before OAUTH and FIDO2 specifications were solid.
Continue reading...
Now, Windows Hello no longer works with YubiKey 4. Windows security key sign-In management refuses to recognize that its a valid security key.
To eliminate the possibility that the key has somehow gone bad, I jumped onto the Yubico website and downloaded Yubico Client for Windows and the key is recognized fine and validated working with that client. I would have stuck with that client but it doesn't have the convenience of Windows Hello.
After uninstalling the Yubico client, I went about to try a standard Yubico Security Key. This worked fine.
I am now suspecting that Microsoft has removed support for FIDO U2F from Windows Hello security key functionality and replaced it with a FIDO2 implementation (instead of supporting both) because that is the only significant difference. YubiKey 4 also supports a number of other authentication standards such as OTP, OAUTH, OpenPGP, smart cards, etc which the Yubico Security Key does not support but I don't believe Windows Hello implements these capabilities in security keys.
Can anyone confirm? It just means I have to buy a YubiKey 5 with FIDO2 support but its a real pain for Microsoft to simply dump support for FIDO U2F when a year or two ago, it was considered the mainstream security 2nd factor key implementation before OAUTH and FIDO2 specifications were solid.
Continue reading...