Microsoft announced that Windows updates since September 2025 may cause FIDO2 security keys to prompt for a PIN during sign-in, aligning with WebAuthn standards. This change enhances security but can be adjusted in WebAuthn settings for organizations seeking to disable PIN prompts. #WebAuthn #FIDO2SecurityKeys
Keypoints
- Windows updates since September 2025 have introduced a new PIN prompt behavior for FIDO2 security keys.
- This change is intentional to comply with WebAuthn specifications for user verification.
- Devices running Windows 11 versions 24H2 or 25H2 will sometimes require a PIN during authentication.
- Organizations can configure WebAuthn settings to discourage PIN creation and use.
- The support for this feature rollout began with update KB5065789 and completed with KB5068861.