undefined | Better HN

0 pointsmichaelt2y ago0 comments

Because Microsoft's implementation is incredibly boneheaded, and doesn't allow the Google-style mechanism of username+password+Yubikey. They only support U2F/Webauthn as an alternative to a password.

I assume Microsoft is hoping to make Windows the main Webauthn provider out there, to tie online identities into the Windows login process for easier tracking/advertising.

0 comments

pQd2y ago

Also - thanks to that FIDO2 does not seem to be usable with Microsoft's MS365 services [ Teams, Outlook, Excel etc ] on Android or iOS. there's no way to provide pin for the security key, regardless if it's plugged in via the USB port or used via NFC.

https://learn.microsoft.com/en-us/azure/active-directory/aut...

bummer

j / k navigate · click thread line to collapse

0 pointsmichaelt2y ago0 comments

I assume Microsoft is hoping to make Windows the main Webauthn provider out there, to tie online identities into the Windows login process for easier tracking/advertising.

0 comments

pQd2y ago

https://learn.microsoft.com/en-us/azure/active-directory/aut...

bummer

j / k navigate · click thread line to collapse