By Sergiu Gatlan
Publication Date: 2025-11-26 14:43:00
Microsoft warned users on Tuesday that FIDO2 security keys may prompt them to enter a PIN when signing in after installing Windows updates released since the September 2025 preview update.
This behavior can be observed on devices running Windows 11 version 24H2 or 25H2 when an identity provider requests user verification during authentication.
Microsoft says this is an intentional change to comply with WebAuthn specifications, which dictate how authentication methods such as PINs, biometrics, and hardware security keys should handle user verification requests.
User verification confirms that the user is present and authorized to use a security key, typically through a PIN or biometric scan. Under WebAuthn standards, verification can be discouraged, preferred, or required. When set to “preferred,” the standard requires platforms to set up a PIN if the authenticator supports user verification.
Support for this feature began gradually rolling out to all Windows…
