Microsoft warned customers on Tuesday that FIDO2 safety keys could immediate them to enter a PIN when signing in after putting in Home windows updates launched because the September 2025 preview replace.
This conduct could be noticed on gadgets operating Home windows 11 model 24H2 or 25H2 when an identification supplier requests person verification throughout authentication.
Microsoft says that is an intentional change to adjust to WebAuthn specs, which dictate how authentication strategies equivalent to PINs, biometrics, and {hardware} safety keys ought to deal with person verification requests.
Person verification confirms that the person is current and approved to make use of a safety key, usually by way of a PIN or biometric scan. Underneath WebAuthn requirements, verification could be discouraged, most popular, or required. When set to “most popular,” the usual requires platforms to arrange a PIN if the authenticator helps person verification.
Help for this function started regularly rolling out to all Home windows 11 gadgets after the KB5065789 preview replace, and the deployment accomplished with the November KB5068861security replace.
“After putting in the Home windows replace, September 29, 2025—KB5065789 (OS Builds 26200.6725 and 26100.6725) Preview, or later updates, you is likely to be required to create a PIN to register with a safety key, even when a PIN was not required or set throughout your preliminary registration,” Microsoft mentioned in a Tuesday assist doc.
“This conduct will happen when a Relying Occasion (RP) or Identification Supplier (IDP) requests Person Verification = Most well-liked throughout authentication with a Quick IDentity On-line 2 (FIDO2) safety key that doesn’t have a PIN set.”
Organizations and providers that do not need customers creating or coming into PINs for safety keys can set person verification to “discouraged” of their WebAuthn configuration settings.
“Help for PIN setup within the authentication circulate was added to be constant throughout each registration and authentication flows,” Microsoft added.
FIDO2 safety keys present passwordless authentication by requiring bodily possession of a USB, NFC, or Bluetooth token. This know-how has been more and more adopted as organizations search alternate options to conventional passwords to dam phishing, credential theft, and different password-based assaults.
It is finances season! Over 300 CISOs and safety leaders have shared how they’re planning, spending, and prioritizing for the 12 months forward. This report compiles their insights, permitting readers to benchmark methods, establish rising developments, and evaluate their priorities as they head into 2026.
Learn the way prime leaders are turning funding into measurable impression.
