By Guru Baran
Publication Date: 2025-11-26 15:12:00
Microsoft has confirmed that FIDO2 security keys on Windows 11 may now prompt users to set up a PIN during authentication following specific recent updates, aligning with WebAuthn standards for enhanced user verification.
The change began with the September 29, 2025, preview update KB5065789 for OS Builds 26200.6725 and 26100.6725, rolling out gradually to Windows 11 devices.
Deployment completed after the November 11, 2025, security update KB5068861 for OS Builds 26200.7171 and 26100.7171, or subsequent patches.
| Update ID | Release Date | OS Builds Affected |
|---|---|---|
| KB5065789 | Sept 29, 2025 | 26200.6725, 26100.6725 |
| KB5068861 | Nov 11, 2025 | 26200.7171, 26100.7171 |
This affects sign-ins where a Relying Party (RP) or Identity Provider (IDP) requests User Verification set to “Preferred” for keys lacking a PIN.
The requirement enforces WebAuthn specifications, where User Verification (UV) proves user presence via PIN or biometrics. UV levels…
