Protect your accounts with FEITIAN FIDO2 Security Keys and Passwordless Authentication
Traditionally, most online services and systems ask for a username and password to identify and authenticate you before you can use them. Passwords, however, get reused, guessed, phished and leaked in breaches, so this traditional method is no longer the most secure way to protect your accounts across the services and apps you use.
This is where authentication standards such as FIDO2 help: sign-in relies on a key pair held by a hardware authenticator instead of a shared secret, so a phished or leaked password no longer hands an attacker your account.
FIDO (Fast IDentity Online) is a family of open authentication standards hosted by the FIDO Alliance. FIDO2, the current generation, combines the W3C WebAuthn API, which lets web and native apps request credentials, with the Client to Authenticator Protocol (CTAP), which lets a browser or operating system talk to a security key over USB, NFC or Bluetooth. Together they let users authenticate to online services with common devices in both mobile and desktop environments.
Using FEITIAN Technologies BioPass FIDO2 K33
This key's main features are a USB-C connector and an on-board fingerprint sensor, so user verification at sign-in can be done with your fingerprint as well as with a PIN.
- Other functions (requires contacting FEITIAN Technologies)
Configuring BioPass FIDO2 security key
Before you start to use your security key online or with your devices, you need to configure it.
FEITIAN provides a great article explaining how you can start setting up your biometric key, depending on the operating system you are using.
In my case, I used Windows Store to install the BioPass FIDO2 Manager, an app provided by FEITIAN Technologies that enables you to manage your FIDO2 security keys. You will need to configure a PIN and one or more fingerprints. Below is a screenshot of the app and the configuration I used for my key.
Configuring Windows 10/11 Devices to sign in with FIDO2 security key
So, my first test was to configure my Microsoft account and my Windows 11 device to sign in using the FIDO2 security key. There is a great article explaining all the steps on how to do it, so instead of rewriting all the info, I prefer to share the link here so you can use it to configure it, as I did.
Note: There are some prerequisites that you need to meet to use FIDO2 authentication with your Windows device. Please check them in the link above and ensure you meet them. In my case, I am using an Azure AD joined device running Windows 11 Pro.
Honestly, I forgot to capture a screenshot of my Windows sign-in lock screen, but I am reusing the image available in the link above to share with you the look and feel after enabling passwordless authentication using FIDO2 security keys. As you can see in the screenshot below, once you enable passwordless authentication using a security key, that option is available in the sign-in options. That means you only need to connect your key to your device and, in this scenario, use your fingerprint to authenticate.
Clearly, after you give it a try, you will understand how smooth and simple it is to use your security key to authenticate, instead of the traditional method using username and password. And personally, since this key has this biometric validation, I feel more confident using it, because even if I lose it and someone finds it and tries to use it, that person will not be able to use it successfully.
Enabling passwordless security key sign-in in Azure
Another test I did was using the security key with my Azure tenant and account. Again, I could write down all the steps here for you, but I believe Microsoft provides a great article in this link explaining all the steps.
In summary, you sign in to the Azure Portal with your Azure account and enable the FIDO2 security key method in the Azure Active Directory authentication methods policy. The method can be targeted at all users or at a group, and the same policy lets you restrict which key models are accepted by their AAGUID, which is worth setting if you want only approved keys (for example, a specific FEITIAN model) registered in your tenant.
The image below shows the authentication methods configured in Azure Active Directory. Once you have enabled the FIDO2 Security Key method, it appears in the list of enabled authentication methods.
Once the method is enabled and the key is registered to your account, sign out and sign in again, this time using the security key instead of your password.
How secure is your FIDO2 security key
BioPass FIDO2 keys have an embedded secure element that stores the private keys, fingerprint templates and PIN in encrypted form, and FEITIAN Technologies claims the device cannot be reverse engineered to extract that data. Independently of the vendor claim, the FIDO2 design itself gives two guarantees: the private key never leaves the authenticator, and a sign-in that requires user verification will not be signed until you have presented your fingerprint or PIN.
So, as mentioned above, losing the key does not by itself let someone impersonate you: they would also need your fingerprint or PIN, or an as-yet-unknown way to break the device. Two practical caveats still apply. First, treat a lost key as stolen and remove it from every account it was registered with (your Microsoft account's security info, your Azure AD account, and so on), because revocation is what ends the risk, not the key's own protections. Second, CTAP2 caps consecutive wrong PIN attempts at eight, after which the PIN is blocked and the key has to be reset, which erases its credentials, so guessing a PIN offline is not an option for whoever finds the key.
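The phishing resistance claimed in the FIDO2 introduction above and the lost-key argument in this section both come down to the checks a relying party performs on every assertion. The following Go program is an added example, not code from this post, from FEITIAN or from Microsoft: it models a key holding one P-256 credential scoped to login.example.com and a relying party that verifies the browser-supplied origin, the rpIdHash, the user-verification flag, the signature counter and the ECDSA signature, then runs a genuine login, an assertion relayed from a look-alike domain (login-example.com) and a touch-only assertion made without fingerprint or PIN. The domain names, the fixed challenge strings and the simplified wire format (no CBOR, no credential ID, no attestation) are assumptions made for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/json"
	"fmt"
)

const flagUP, flagUV = 0x01, 0x04 // authenticator-data flag bits: user present, user verified

// Authenticator is a toy FIDO2 key: one non-exportable P-256 key scoped to a single rpId plus a
// signature counter. Constructed for this example; it is not FEITIAN firmware.
type Authenticator struct{ rpID string; priv *ecdsa.PrivateKey; counter uint32 }

// clientData is the part of CollectedClientData that matters here. The browser, not the page,
// fills in origin from the site that called navigator.credentials.get().
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion is a getAssertion result as the RP receives it (CBOR framing and credential ID omitted).
type Assertion struct{ AuthData, ClientDataJSON, Signature []byte }

// signedHash is what the key signs and the RP verifies: SHA256(authData || SHA256(clientDataJSON)).
func signedHash(authData, clientDataJSON []byte) []byte {
	cdHash := sha256.Sum256(clientDataJSON)
	h := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return h[:]
}

// Sign models browser + key: rpIdHash comes from the credential, UV is set only after a
// fingerprint or PIN check, and the counter increments on every use.
func (a *Authenticator) Sign(origin, challenge string, userVerified bool) (Assertion, error) {
	cd, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: origin})
	rpIDHash := sha256.Sum256([]byte(a.rpID))
	authData := make([]byte, 37)
	copy(authData, rpIDHash[:])
	authData[32] = flagUP
	if userVerified {
		authData[32] |= flagUV
	}
	a.counter++
	binary.BigEndian.PutUint32(authData[33:], a.counter)
	sig, err := ecdsa.SignASN1(rand.Reader, a.priv, signedHash(authData, cd))
	return Assertion{AuthData: authData, ClientDataJSON: cd, Signature: sig}, err
}

// RelyingParty is what the server stores for one registered credential.
type RelyingParty struct{ rpID, origin string; pub *ecdsa.PublicKey; lastCounter uint32 }

// Verify runs the assertion checks that make a FIDO2 login phishing-resistant.
func (rp *RelyingParty) Verify(asrt Assertion, expectedChallenge string) error {
	var cd clientData
	if json.Unmarshal(asrt.ClientDataJSON, &cd) != nil || cd.Type != "webauthn.get" || cd.Challenge != expectedChallenge {
		return fmt.Errorf("bad client data, wrong ceremony type or stale challenge (replay)")
	}
	if cd.Origin != rp.origin {
		return fmt.Errorf("origin %q is not %q: assertion was made on another site", cd.Origin, rp.origin)
	}
	want := sha256.Sum256([]byte(rp.rpID))
	if len(asrt.AuthData) < 37 || string(asrt.AuthData[:32]) != string(want[:]) {
		return fmt.Errorf("rpIdHash mismatch: credential is scoped to a different domain")
	}
	if f := asrt.AuthData[32]; f&flagUP == 0 || f&flagUV == 0 {
		return fmt.Errorf("user verification (fingerprint or PIN) was not performed")
	}
	counter := binary.BigEndian.Uint32(asrt.AuthData[33:37])
	if counter <= rp.lastCounter {
		return fmt.Errorf("signature counter did not increase: cloned key or replay")
	}
	if !ecdsa.VerifyASN1(rp.pub, signedHash(asrt.AuthData, asrt.ClientDataJSON), asrt.Signature) {
		return fmt.Errorf("invalid signature")
	}
	rp.lastCounter = counter
	return nil
}

// RunScenarios registers one key with login.example.com and returns the outcome of a genuine login,
// an assertion relayed from a look-alike phishing site, and one made without fingerprint or PIN.
func RunScenarios() (genuine, phished, noUV error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err, err, err
	}
	key := &Authenticator{rpID: "login.example.com", priv: priv}
	rp := &RelyingParty{rpID: "login.example.com", origin: "https://login.example.com", pub: &priv.PublicKey}
	a1, _ := key.Sign("https://login.example.com", "challenge-1", true) // fixed challenges for readability; real RPs use random ones
	genuine = rp.Verify(a1, "challenge-1")
	// Phishing: the attacker proxies the real challenge to a victim on login-example.com; the browser stamps that origin.
	a2, _ := key.Sign("https://login-example.com", "challenge-2", true)
	phished = rp.Verify(a2, "challenge-2")
	a3, _ := key.Sign("https://login.example.com", "challenge-3", false) // touch only, no fingerprint or PIN
	noUV = rp.Verify(a3, "challenge-3")
	return
}

func main() { fmt.Println(RunScenarios()) }
```

Run it with `go run`; only the first scenario returns nil. The origin check is what defeats the look-alike site: the browser writes the origin of the page that called the API into clientDataJSON and the key signs over its hash, so a proxy on login-example.com cannot forge a value the real relying party will accept (and a real key would not even find a credential scoped to that rpId). The UV flag is why a lost BioPass key is not enough on its own: a sign-in that requires user verification needs the fingerprint or PIN before the key sets that bit and signs, and the counter check catches a cloned or replayed assertion even when everything else is valid.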
This is my first time testing FIDO2 security keys, and I have to say I am really impressed with the quality and experience using FEITIAN Technologies Security Keys. The process to configure and start using the security key was easy and quick, and it worked really well in all the tests I did using it.
There are limitations too: some online services and apps still do not support FIDO2 security keys, but that does not stop you from using them where they are supported, such as Windows devices and Azure. For services that do not yet support FIDO2 security keys or passwordless sign-in, use another multi-factor method (an authenticator app, for example) rather than falling back to a password alone.