It depends on what type of key you buy, but some vendors ship keys for less than $10. So, when that next passwordless project comes along, your users are already equipped with the right hardware. As stated before, FIDO2 keys support passwordless sign-in. FIDO2 is supported by many more platforms, so your users can use the same key to protect both work and school accounts as their social accounts like Twitter and Google. FIDO2 keys can be set up by the end-users, so will take away the burden from IT.
Enabling OATH tokens for Azure MFA is labor-intensive. Using FIDO2 keys instead of OATH hardware keys can have some benefits: That brings another option to the table when we talk about this specific use case. But it can also be used as a verification method for Azure MFA now. Although this works pretty well (check out this blog post by Oktay), we have a new kid on the block now: FIDO2 security keys.įIDO2 security keys can be used for a passwordless experience in Azure AD, where it replaces the password entirely. The everlasting questionĭuring every Azure MFA implementation I got the same question over and over again: What if the user doesn’t want to use their (personal) mobile phone for verification? Up until now, OATH hardware token was the only option here. Now, I was surprised to see FIDO2 security key popping up in this list. Take a look at this list of supported authentication methods, and notice that passwordless methods can also be used as a form of verification for Azure AD Multi-Factor Authentication: This news seems to be kept under the radar a little bit, but I wanted to point out a new feature in Azure AD that might help out some organizations with their Azure MFA implementations.
0 kommentar(er)
