Microsoft Account Key Generation For Login
Editor’s note 11/26/2018:
This post was updated to include information on the availability of password-less sign-in.
If you have a Bing Maps account, sign in with the Microsoft account that you used to create the account or create a new one. For new accounts, follow the instructions in Creating a Bing Maps Account. Select My keys under My Account. Select the option to create a new key. Provide the following information to create a key: Application name. Dec 08, 2017 Microsoft will also send you a copy of the product key in a confirmation email. If you don’t see the confirmation email, check your junk mail folder. If you still don’t find it, log into the Microsoft Store Downloads Product Keys Subscription page. Then click the Digital Content tab to see your previous purchases along with your. Mar 29, 2019 Microsoft Office 2016 is the latest version of Microsoft Office which succeeds Microsoft Office 2013. Microsoft Office 2016 Product Key is the key that will provide you to work with Office 2016 professional plus.If you are using Office 365, you can easily upgrade to Office 2016 using MS Office 2016 Product Key. To start using a hardware key for Microsoft login, first update your system to Windows 10 October 2018. Go to the Microsoft account page in the Edge browser and sign in as normal. The recovery password and recovery key for an operating system drive or a fixed data drive can be saved to a folder, saved to one or more USB devices, saved to your Microsoft Account, or printed. For removable data drives, the recovery password and recovery key can be saved to a folder, saved to your Microsoft Account, or printed. Step 2: In the Sign in to set up Office window, select I don't want to sign in or create an account (it's a small link at the bottom of the window). Step 3: Enter your Office product key, without hyphens. If you don't have your key, see get your HUP product key. Dec 12, 2018 Go to the Microsoft account page and sign in as you normally would. Select Security More security options and under Windows Hello and security keys, select Set up a security key. Identify what type of key you have (USB or NFC) and select Next. You will be redirected to the setup experience where you will insert or tap your key.
Howdy folks,
I’m so excited to share today’s news! We just turned on the ability to securely sign in with your Microsoft account using a standards-based FIDO2 compatible device—no username or password required! FIDO2 enables users to leverage standards-based devices to easily authenticate to online services—in both mobile and desktop environments. This is available now in United States and will roll out globally over the next few weeks.
This combination of ease of use, security, and broad industry support is going to be transformational both at home and in the modern workplace. Every month, more than 800 million people use a Microsoft account to create, connect, and share from anywhere to Outlook, Office, OneDrive, Bing, Skype, and Xbox Live for work and play. And now they can all benefit from this simple user experience and greatly improved security.
Starting today, you can use a FIDO2 device or Windows Hello to sign in to your Microsoft account using the Microsoft Edge browser.
Watch this quick video showing how it works:
Microsoft has been on a mission to eliminate passwords and help people protect their data and accounts from threats. As a member of the Fast Identity Online (FIDO) Alliance and the World Wide Web Consortium (W3C), we’ve been working with others to develop open standards for the next generation of authentication. I’m happy to share that Microsoft is the first Fortune 500 company to support password-less authentication using the the WebAuthn and FIDO2 specifications, and Microsoft Edge supports the widest array of authenticators compared to other major browsers.
If you want to know more details on how it works and how to get started, keep reading on.
Get started
To sign in with your Microsoft Account using a FIDO2 security key:
- If you haven’t already, make sure you update to Windows 10 October 2018.
- Go to the Microsoft account page on Microsoft Edge and sign in as you normally would.
- Select Security > More security options and under Windows Hello and security keys, you’ll see instructions for setting up a security key. (You can purchase a security key from one of our partners, including Yubico and Feitian Technologies that support the FIDO2 standard.*)
- Next time you sign in, you can either click More Options > Use a security key or type in your username. At that point, you’ll be asked to use a security key to sign in.
And as a reminder, here’s how to sign in with your Microsoft account using Windows Hello:
- Make sure you’ve updated to Windows 10 October 2018.
- If you haven’t already, you’ll need to set up Windows Hello. If you have Windows Hello set up, you’re good to go!
- Next time you sign in on Microsoft Edge, you can either click More Options > Use Windows Hello or a security key or type in your username. At that point, you’ll be asked to use Windows Hello or a security to sign in.
If you need more help, check out our detailed help article about how to get set up.
*There are a couple of optional features in the FIDO2 spec that we believe are fundamental to security, so only keys that have implemented those features will work. Read What is a Microsoft-compatible security key? to learn more.
How does it work?
Under the covers, we implemented the WebAuthn and FIDO2 CTAP2 specifications into our services to make this a reality.
Unlike passwords, FIDO2 protects user credentials using public/private key encryption. When you create and register a FIDO2 credential, the device (your PC or the FIDO2 device) generates a private and public key on the device. The private key is stored securely on the device and can only be used after it has been unlocked using a local gesture like biometric or PIN. Note that your biometric or PIN never leaves the device. At the same time that the private key is stored, the public key is sent to the Microsoft account system in the cloud and registered with your user account.
When you later sign in, the Microsoft account system provides a nonce to your PC or FIDO2 device. Your PC or device then uses the private key to sign the nonce. The signed nonce and metadata is sent back to the Microsoft account system, where it is verified using the public key. The signed metadata as specified by the WebAuthn and FIDO2 specs provides information, such as whether the user was present, and verifies the authentication through the local gesture. It’s these properties that make authentication with Windows Hello and FIDO2 devices not “phishable” or easily stolen by malware.
How do Windows Hello and FIDO2 devices implement this? Based on the capabilities of your Windows 10 device, you will either have a built-in secure enclave, known as a hardware trusted platform module (TPM) or a software TPM. The TPM stores the private key, which requires either your face, fingerprint, or PIN to unlock it. Similarly, a FIDO2 device, like a security key, is a small external device with its own built-in secure enclave that stores the private key and requires the biometric or PIN to unlock it. Both options offer two-factor authentication in one step, requiring both a registered device and a biometric or PIN to successfully sign in.
Check out this article on our Identity Standards blog, which goes into all the technical details around the implementation.
What’s next
We have tons of great things coming out as part of our efforts to reduce and even eliminate the use of passwords. We are currently building the same sign-in experience from a browser with security keys for work and school accounts in Azure Active Directory. Enterprise customers will be able to preview this early next year, where they will be able to allow their employees to set up their own security keys for their account to sign in to Windows 10 and the cloud.
Furthermore, as more browsers and platforms start supporting the WebAuthn and FIDO2 standards, the password-less experience—available on Microsoft Edge and Windows today—will be hopefully available everywhere!
Stay tuned for more details early next year!
Best Regards,
Alex Simons (@Twitter: @Alex_A_Simons)
CVP of Program Management
Microsoft Identity Division
You can use security keys as a passwordless sign-in method within your organization. A security key is a physical device that's used with a unique PIN to sign-in to your work or school account. Because security keys require you to have the physical device and something only you know, it's considered a stronger verification method than a username and password.
| Using a security key as a passwordless authentication method is currently in public preview. If what you're seeing on your screen doesn't match what's being covered in this article, it means that your administrator hasn't turned on this feature yet. Until this feature is turned on, you must choose another authentication method from the Security Info page. For more information about previews, see Supplemental Terms of Use for Microsoft Azure Previews. |
Note
If you don't see the security key option, it's possible that your organization doesn't allow you to use this option for verification. In this case, you'll need to choose another method or contact your organization's help desk for more assistance.
Security verification versus password reset authentication
Security info methods are used for both two-factor security verification and for password reset. However, not all methods can be used for both.
| Method | Used for |
|---|---|
| Authenticator app | Two-factor verification and password reset authentication. |
| Text messages | Two-factor verification and password reset authentication. |
| Phone calls | Two-factor verification and password reset authentication. |
| Security key | Two-factor verification and password reset authentication. |
| Email account | Password reset authentication only. You'll need to choose another method for two-factor verification. |
| Security questions | Password reset authentication only. You'll need to choose another method for two-factor verification. |
What is a security key?
Microsoft Account Key Generation For Login Account
We currently support several designs and providers of security keys using the Fast Identity Online (FIDO) (FIDO2) passwordless authentication protocols. These keys allow you to sign in to your work or school account to access your organization's cloud-based resources when on a supported device and web browser.
Iis machinekey validation key generator. Your administrator or your organization will provide you with a security key if they require it for your work or school account. There are different types of security keys you can use, for example a USB key that you plug in to your device or an NFC key that you tap on an NFC reader. You can find out more information about your security key, including what type it is, from the manufacturer's documentation.
Note
If you're unable to use a FIDO2 security key, there are other passwordless verification methods you can use such as the Microsoft Authenticator app or Windows Hello. For more information about the Microsoft Authenticator app, see What is the Microsoft Authenticator app?. For more information about Windows Hello, see Windows Hello overview.
Before you begin
Before you are able to register your security key, the following must be true:
Your administrator has turned on this feature for use within your organization.
You're on a device running the Windows 10 May 2019 Update and using a supported browser.
You have a physical security key approved by your administrator or your organization. Your security key must be both FIDO2 and Microsoft-compliant. If you have any questions about your security key and whether it's compatible, contact your organization's help desk.
Register your security key
You must create your security key and give it a unique PIN before you can sign in to your work or school account using the key. You may have up to 10 keys registered with your account.
Go to the My Profile page at https://myprofile.microsoft.com and sign in if you haven't already done so.
Select Security Info, select Add method, and then select Security key from the Add a method drop-down list.
Select Add, and then select the type of security key you have, either USB device or NFC device.
Note
If you aren't sure which type of security key you have, refer to the manufacturer's documentation. If you aren't sure about the manufacturer, contact your organization's help desk for assistance.
Have your security key physically available and then in the Security key box, select Next.
A new box appears to help walk you through setting up your new sign-in method.
In the Setting up your new sign-in method box, select Next, and then:
If your security key is a USB device, insert your security key into the USB port of your device.
If your security key is an NFC device, tap your security key to your reader.
Type your unique security key PIN into the Windows security box, and then select OK.
You'll return to the Setting up your new sign-in method box.
Select Next.
Return to the Security info page, type a name you'll recognize later for your new security key, and then select Next.
Your security key is registered and ready for you to use for sign in to your work or school account.
Select Done to close the Security key box.
The Security info page is updated with your security key information.
Delete a security key from your security info
If you misplace or no longer want to use a security key, you can delete the key from your security info. While this stops the security key from being used with your work or school account, the security key continues to store your data and credential information. To delete your data and credential information from the security key itself, you must follow the instructions in the Reset a Microsoft-compatible security key section of this article.
Select the Delete link from the security key to remove.
Select Ok from the Delete security key box.
Your security key is deleted and you'll no longer be able to use it to sign in to your work or school account.
Important
If you delete a security key by mistake, you can register it again using the instructions in the How to register your security key section of this article.
Manage your security key settings from Windows Settings
You can manage your security key settings from the Windows Settings app, including resetting your security key and creating a new security key PIN.
Reset your security key
If you want to delete all the account information stored on your physical security key, you must return the key back to its factory defaults. Resetting your security key deletes everything from the key, allowing you to start over.
Important
Resetting your security key deletes everything from the key, resetting it to factory defaults.
All data and credentials will be cleared.
To reset your security key
Microsoft Account Key Generation For Login Email
Open the Windows Settings app, select Accounts, select Sign-in options, select Security Key, and then select Manage.
Insert your security key into the USB port or tap your NFC reader to verify your identity.
Follow the on-screen instructions, based on your specific security key manufacturer. If your key manufacturer isn't listed in the on-screen instructions, refer to the manufacturer's site for more information.
Select Close to close the Manage screen.
Create a new security key PIN
You can create a new security key PIN for your security key.
To create a new security key PIN
Open the Windows Settings app, select Accounts, select Sign-in options, select Security Key, and then select Manage.
Insert your security key into the USB port or tap your NFC reader to verify your identity.
Select Add from the Security Key PIN area, type and confirm your new security key PIN, and then select OK.
The security key is updated with the new security key PIN for use with your work or school account. If you decide to change your PIN again, you can select the Change button.
Select Close to close the Manage screen.
Additional security info methods
In order to register a security key, you must have at least one additional security verification method registered. See the Overview section for more information.
Next steps
For more information about passwordless verification methods, read the Microsoft’s Azure AD begins public preview of FIDO2 security keys, enabling passwordless logins blog, or read the What is the Microsoft Authenticator app? and Windows Hello overview articles.
For more detailed info about Microsoft-compliant security keys.
Reset your password if you've lost or forgotten it, from the Password reset portal or follow the steps in the Reset your work or school password article.
Get troubleshooting tips and help for sign-in problems in the Can't sign in to your Microsoft account article.