Windows 10 1903 FIDO U2F Support

blugeminii · May 27, 2019, 11:57am

Windows 10 has just released build 1903 and with this, has been certified as FIDO compliant (As seen in this article. You can now use a Security Key with Windows Hello to unlock your PC, however when I try to enroll my Nitro Key FIDO U2F, it just states ‘you cannot use this key, please try another one’. I have used this key to enroll in Google, so I know the key works.

Can you confirm when this will become available?

szszszsz · May 27, 2019, 12:53pm

Hi!

I am confused as well. I think I have read in some of the past articles, that external FIDO2 device could unlock the Windows account, but it seems later this decision was changed. The article you have linked describes that:

Microsoft account could be unlocked with the FIDO2 device as a 1FA (without login or password),
MS Windows 10 could work as a FIDO2 device by itself, using its Hello feature (which itself works based on an embedded hardware security chip, soldered to the motherboard of laptop, tablet etc.).

It is mentioned, that FIDO2 could be used to login, but as far as I know, this concerns only PCs in networks handled by MS Windows Server / Active Directory.

We were reaching to Microsoft regarding the possibility of unlocking the Windows 10 local account using a FIDO2 device, but we had not received, nor find on the web, any deadline or plans for implementing such a feature. I spend some time to configure it too, without success. If you would find any information how to make it work though, please let us know.

As for the Nitrokey FIDO U2F device, it might be possible to use it for unlocking account on Windows by some (unfortunately paid) 3rd party software. I am not sure Microsoft has ever taken FIDO U2F into account; perhaps got to FIDO2 directly.

blugeminii · May 27, 2019, 1:18pm

Great, it’s not just me! Thanks for pointing out that the key is FIDO U2F, while Windows is stating FIDO2, which is not the same thing! I keep on getting confused.

Reiner030 · May 30, 2019, 12:58pm

If you had searched for FIDO2 then you get clear answers already

FIDO U2F != FIDO2 !!!
Would be nice to have it already but FIDO/FIDO2 are totally different protocols so I read in this forum/other blogs.

Nitrokey sponsored https://solokeys.com/ project and would offer this key also directly; last answer was in this thread:

Nov 18th, 2018
Yes. No specific time frame yet, release expected within next year.

… so maybe end of this year or next year we could expect the new NitroKeys with FIDO2 support (and myself I prefer also with NFC which helps to authenticate also for mobile devices much easier)^^

And even Yubikeys can’t be upgraded and for FIDO2 they have created new devices as written in Internet Security and Company Blog | Yubico