deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-22 05:43:41 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Added link to CTAP spec

Browse Source
This commit is contained in:
Aabha Thipsay
2018-10-30 16:05:02 -07:00
parent 8b5e4e64b8
commit b354ec0adb
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
View File

@ -14,14 +14,14 @@ ms.date: 10/25/2018
# What is a Microsoft compatible security key? # What is a Microsoft compatible security key?
Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) from the start with a mission to replace passwords with an easy to use, strong credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users. Microsoft has been aligned with the [FIDO Alliance](https://fidoalliance.org/) from the start with a mission to replace passwords with an easy to use, strong credential. We have been working with our partners to extensively test and deliver a seamless and secure authentication experience to end users.
The FIDO2 CTAP specification contains a few optional features and extensions which are crucial to provide that seamless and secure experience. The [FIDO2 CTAP specification](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html) contains a few optional features and extensions which are crucial to provide that seamless and secure experience.
A security key **must** implement the following features and extensions from the FIDO2 CTAP protocol to be Microsoft compatible: A security key **must** implement the following features and extensions from the FIDO2 CTAP protocol to be Microsoft compatible:
| #</br> | Feature / Extension trust</br> | Why is this required? </br> | Relevant Section in FIDO2 CTAP specification</br>| | #</br> | Feature / Extension trust</br> | Why is this required? </br> |
| --- | --- | --- | --- | | --- | --- | --- |
| 1 | Resident key | This feature enables the security key to be portable, where your credential is stored on the security key | Section XXX | | 1 | Resident key | This feature enables the security key to be portable, where your credential is stored on the security key |
| 2 | Client pin | This feature enables security keys to protect your credentials with a second factor like PIN </br> We recommend strong multi-factor credentials for authentication to all Microsoft services| Section XXX | | 2 | Client pin | This feature enables security keys to protect your credentials with a second factor like PIN </br> We recommend strong multi-factor credentials for authentication to all Microsoft services|
| 3 | hmac-secret | This extension ensures you can sign-in to your device when it's off-line or in airplane mode | Section XXX | | 3 | hmac-secret | This extension ensures you can sign-in to your device when it's off-line or in airplane mode |
| 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like MSA and AAD | Section XXX | | 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like MSA and AAD |