FIDO2 Security Keys: FAQ



What are FIDO2 Security Keys?

FIDO2 Security Keys are small, physical devices that provide strong, hardware-based authentication. They replace or supplement traditional passwords, making your online accounts much more secure.


Why Should I Use a FIDO2 Security Key?

  • Enhanced Security: They are highly resistant to phishing and man-in-the-middle attacks.
  • Ease of Use: Simple setup and usage process.
  • Broad Compatibility: Compatible with many major services and platforms.

What Do I Need to Start Using a FIDO2 Security Key?

You don’t need any special tools to start using a FIDO2 security key. Most operating systems and modern web browsers support them out of the box.

Which Operating Systems and Browsers Support FIDO2 Security Keys?

  • Operating Systems: Windows, macOS, Linux [1], Android [2], iOS
  • Browsers: Chrome, Firefox, Edge, Safari

[1] USB support is fully available on Linux. However, NFC transport may be unstable depending on the distro and NFC reader used.
[2] USB support is fully available on the latest Android. However, NFC transport is not supported if the key is PIN-protected (as of July 2024).


How Do I Set Up My FIDO2 Security Key?

For PC/Laptop

  1. Insert the Key: Plug the FIDO2 key into your computer’s USB port (USB-A or USB-C).
  2. Go to Account Security Settings: Open the security settings of the service you want to secure (e.g., Google, Microsoft, Facebook).
  3. Add a Security Key: Find the option to add a security key under two-factor authentication (2FA), passkeys, or security settings.
  4. Follow Prompts: The website will guide you through the process, usually involving touching the key’s button to confirm your identity.
  5. Backup Methods: Set up a backup method: another FIDO2 key (recommended), an authenticator app, or recovery codes.


For Mobile Devices

  1. Connect via USB-C or NFC: Depending on your key’s compatibility and your phone’s capabilities.
  2. Access Security Settings: Go to the security settings of the app/service you want to secure.
  3. Add Security Key: Find the option to add a security key in the 2FA settings.
  4. Follow Instructions: Follow the app’s instructions to register the key.

Detailed step-by-step guides for certain services are available on our website.

How Do I Use My FIDO2 Security Key?

  1. Logging In: Insert the key into your device or use NFC.
  2. Authentication: Touch the key’s button when prompted.
  3. Access Granted: You’re now securely logged in.

What If I Lose My FIDO2 Security Key?

  • Backup Methods: Use your backup methods (another security key, authenticator app, or recovery codes) to regain access.
  • Account Settings: Remove the lost key from your account settings immediately.



Do I Need Any Tools for Advanced Operations?

For advanced operations such as passkey management, you may need specific tools or software. Tools such as FIDO2.1 Manager (open-source), Chrome's security key management, and similar utilities can help you manage your keys and credentials.



How Can I Manage Multiple FIDO2 Security Keys?

  • Multiple Keys: Keep more than one key registered to your accounts for backup.
  • Label Your Keys: Label your keys to differentiate them.
  • Periodic Review: Regularly review your security settings to ensure all keys are up to date and properly configured. Compare the list of accounts/services enrolled with your primary and backup keys.

What Should I Do If My Key is Not Recognized?

  • Check Connection: Ensure the key is properly inserted and the device supports the key’s connection type (USB, NFC).
  • Device Compatibility: Verify that your device and browser support FIDO2 keys.
  • Software Updates: Ensure your device and browser are updated to the latest versions.

Are There Any Limitations to Using FIDO2 Security Keys?

  • Service Support: Not all online services support FIDO2 keys yet, although support is growing.
  • Physical Access: You need physical access to your key to log in, so always have it handy.

What is Entra ID Passwordless with FIDO2 and is it MFA?

Entra ID (formerly Azure Active Directory, AAD) Passwordless authentication allows users to sign in without a password. This method is considered Multi-Factor Authentication (MFA) because it combines at least two authentication factors:

  • Possession Factor: Something you have (e.g., your FIDO2 security key).
  • Inherence Factor: Something you are (e.g., biometric verification like a fingerprint).

By eliminating passwords and using stronger authentication factors, Entra ID Passwordless significantly enhances security and user experience.
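
The phishing resistance and the two factors described in this FAQ are both visible in the data a key returns at sign-in. The following is an added example, not part of the original FAQ and not code from Microsoft or any vendor: it shows the origin, RP ID and user-verification checks a service performs on a WebAuthn assertion. The function names, the example.com domains and the challenge value are constructed for illustration, and signature verification against the registered public key is assumed to happen separately.

```python
import hashlib
import json
import struct

FLAG_UP = 0x01  # user present: the key's button was touched
FLAG_UV = 0x04  # user verified: PIN or biometric checked by the key
CHALLENGE = "Y29uc3RydWN0ZWQ"  # constructed sample challenge (base64url)

def check_assertion(client_data_json, authenticator_data,
                    expected_origin, rp_id, expected_challenge):
    """Return the reasons to reject a sign-in; an empty list means these checks pass.
    The signature over authenticator_data + SHA-256(client_data_json) must also be
    verified with the registered public key (not shown here)."""
    problems = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        problems.append("wrong ceremony type")
    if client.get("challenge") != expected_challenge:
        problems.append("challenge mismatch")
    # The browser, not the page, writes the origin it is actually connected to.
    if client.get("origin") != expected_origin:
        problems.append("origin mismatch")
    if len(authenticator_data) < 37:
        return problems + ["authenticator data too short"]
    # Layout: 32-byte SHA-256 of the RP ID, 1 flags byte, 4-byte signature counter.
    rp_id_hash, flags, _count = struct.unpack(">32sBI", authenticator_data[:37])
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        problems.append("rpIdHash mismatch")
    if not flags & FLAG_UP:
        problems.append("user not present")
    if not flags & FLAG_UV:
        problems.append("user not verified")
    return problems

def make_sample(origin, rp_id, flags, challenge=CHALLENGE):
    """Build constructed sample data in the shape a browser and key would return."""
    client = json.dumps({"type": "webauthn.get", "challenge": challenge,
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", 7)
    return client, auth

if __name__ == "__main__":
    site, rp = "https://login.example.com", "example.com"
    cases = {"genuine site, PIN entered": make_sample(site, rp, FLAG_UP | FLAG_UV),
             "lookalike site": make_sample("https://login.examp1e.com", "examp1e.com", 0x05),
             "touch only, no PIN": make_sample(site, rp, FLAG_UP)}
    for name, (client, auth) in cases.items():
        print(name, "->", check_assertion(client, auth, site, rp, CHALLENGE) or "accepted")
```

A response produced on a lookalike site fails both the origin and the RP ID hash checks, and a touch without PIN or biometric fails the user-verification check that makes the sign-in multi-factor.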



Summary

FIDO2 security keys provide an additional layer of security and are easy to use. With this guide, you can confidently add and use these keys to protect your online accounts. Remember to keep backup options and review your security settings regularly for optimal protection.