Microsoft Security Keys May Require a PIN After Recent Windows Updates

Microsoft has implemented changes to how Windows handles FIDO2 security key authentication following recent system updates.

Users may now be required to create and set a PIN for their security keys during sign-in, even if a PIN was not previously configured during initial registration.

This change affects users who install the Windows preview update from September 29, 2025 (KB5065789, OS Builds 26200.6725 and 26100.6725) or any subsequent updates.

The requirement to set up a PIN will be triggered when a Relying Party (RP) or Identity Provider (IDP) requests User Verification set to “Preferred” during the authentication process with a FIDO2 security key that does not currently have a PIN configured.

Compliance with WebAuthn Standards

Microsoft clarified that this behavior change represents intended functionality designed to maintain compliance with WebAuthn specifications.

The company emphasizes that the update aligns Windows authentication methods with…