Hello, Windows: Compatible Security Keys For Your Device

Windows Hello is a passwordless sign-in method that uses physical security keys with a unique PIN to access work or school accounts. These security keys are designed to be used in conjunction with Windows Hello to enhance security and eliminate the need for traditional passwords. Some of the security keys that work with Windows Hello include Yubico YubiKey 5 NFC, Thetis Pro FIDO2 Security Key, Kensington VeriMark Gen1, and KEY-ID FIDO2 key. These security keys offer strong authentication and are compatible with various devices and platforms, providing users with a convenient and secure way to access their accounts.

YubiKey 5 NFC

The YubiKey 5 NFC is a two-factor authentication (2FA) security key that can be connected via USB-A or NFC. It is compatible with Windows 10 Home, Pro, or Enterprise, requiring version 1607 with build number 14393.321 or later.

To set up the YubiKey 5 NFC with a Windows 10 account, follow these steps:

• Ensure CCID mode is enabled on your YubiKey.
• Set a PIN for the user who will be using the YubiKey (this is mandatory).
• Download and install the YubiKey for Windows Hello app from the Windows app store.
• Launch the app and select "All Apps > Start > YubiKey for Windows Hello" from the Start menu.
• If you need to uninstall the app, first unregister any YubiKeys, then navigate to the app in the Start menu, right-click, and select "Uninstall."
• For systems running Windows Pro or Windows Enterprise, enable the "Allow an assistive device for secondary authentication" option in the Local Security Policy settings. If your organisation manages your security policy, contact your system administrator to request a change to these settings.
• You can register up to four YubiKeys per account, but each YubiKey can only be registered to one account on the same system.

The YubiKey 5 NFC is also recommended for use with Windows Hello for Business, where it can store passkeys. It is compatible with Windows 11 and can be used with mobile devices.

Kensington VeriMark Gen1 USB-A Fingerprint Key Reader

The Kensington VeriMark Gen1 USB-A Fingerprint Key Reader is a security key that supports Windows Hello and Fast IDentity Online (FIDO) universal 2nd-factor authentication (U2F). It is designed to provide a simple, fast, and secure Windows logon experience, as well as seamless two-factor authentication. The VeriMark Fingerprint Key protects against unauthorized access on compromised devices and offers advanced cybersecurity for today's cloud-based world.

In terms of setup, the VeriMark Fingerprint Key typically requires a manual driver installation when connected to a USB-A port on a Windows 11 computer. The official drivers can be downloaded from the Kensington website, and the installation process involves unzipping a file and following the on-screen instructions. Once the driver is installed, users can set up fingerprint recognition by navigating to the Accounts section in the Windows Settings app, clicking on "Sign-in options," and then selecting "Fingerprint recognition (Windows Hello)." The VeriMark Fingerprint Scanner features a blue light to indicate when it is ready to scan a user's fingerprint, and it supports scanning from multiple angles.

The Kensington VeriMark Fingerprint Key Reader offers several benefits. Firstly, it enhances security by requiring physical possession of the device and user-specific biometric data. Secondly, it provides loss protection, as users cannot misplace their fingerprints like they can with PINs. Thirdly, it offers strong encryption of biometric data using Advanced Encryption Standard (AES) and Transport Layer Security (TLS) technologies. Finally, it provides a faster and more seamless authentication experience compared to traditional password or PIN-based methods.

The VeriMark Fingerprint Key is also versatile, as it can be used with multiple computers. However, users need to complete the fingerprint registration process on each new device. Additionally, the VeriMark Fingerprint Key can be used with any application that supports fingerprint sign-in, as long as the fingerprint is initially set up in the Windows Account Settings.

Thetis Pro FIDO2 Security Key

The Thetis Pro FIDO2 Security Key is a highly durable, multi-purpose, two-factor authentication security key that provides passwordless protection, NFC compatibility, and HOTP with dual USB-A and USB-C ports. It is compatible with Windows, macOS, Linux, Gmail, Facebook, Dropbox, and GitHub.

The Thetis Pro FIDO2 Security Key is a highly secure and durable device. It features a 360-degree rotating metal cover, making it tamper-resistant, water-resistant, and crush-resistant. Its small and portable design allows it to fit easily on your keychain, and it does not require a battery or network connectivity.

The Thetis Pro FIDO2 Security Key offers a simple and low-cost solution for enhanced security. It is compatible with both USB-A and USB-C ports and Near Field Communication (NFC) technology. With NFC, you can simply tap the key against the right devices to activate authentication, eliminating the need for plugging it in.

The Thetis Pro FIDO2 Security Key provides a seamless authentication experience across various platforms. It is compatible with Windows, macOS, Linux, Gmail, Facebook, Dropbox, and GitHub. It supports FIDO2, enabling passwordless logins for services that allow it. Additionally, it is backward compatible with older FIDO U2F protocols, ensuring seamless operation with newer and older devices.

The Thetis Pro FIDO2 Security Key offers a straightforward setup process, making it user-friendly even for those who are not tech-savvy. It operates seamlessly and enhances the security and efficiency of the login process. Its compact design makes it convenient to carry, allowing you to take it wherever you need it.

The Thetis Pro FIDO2 Security Key is a highly secure and versatile authentication solution, providing seamless protection across multiple platforms. Its durability, portability, and compatibility with various services make it a reliable choice for enhancing the security of your online accounts and devices.

YubiKey 5C Nano

The YubiKey 5C Nano is a compact two-factor authentication (2FA) security key that connects via USB-C. It offers an extra layer of protection for your online accounts by requiring you to physically have the key in addition to knowing your password.

To set up the YubiKey 5C Nano with a Windows 10 account, you need to ensure the following:

• Your Windows 10 version is 1607 or later with build number 14393.321 or above.
• CCID mode is enabled on the YubiKey.
• You have a local or cloud user account.
• Your local security policy is set to allow companion devices for secondary authentication.
• You have set a PIN for the user who will be using the YubiKey.

Once you have met these requirements, you can download and install the YubiKey for Windows Hello app from the Windows app store. After launching the app, you can access it from the Start menu by selecting All Apps > Start > YubiKey for Windows Hello.

It is important to note that this app is intended for single-user Windows systems and can register a maximum of four YubiKeys per account. Additionally, the same YubiKey cannot be registered to multiple accounts on the same system.

For systems running Windows Pro or Windows Enterprise, you may need to adjust your local security policy settings to allow the use of assistive devices for secondary authentication. To do this, open the Local Group Policy Editor and navigate to Computer Configuration > Administrative Templates > Windows Components > Microsoft Additional Authentication Factor. From there, you can edit the policy setting and ensure it is enabled.

While the YubiKey 5C Nano offers enhanced security, it is currently designed to unlock your system rather than for login. This means that you will still need to use your PIN or password to log in, and the YubiKey will be used to unlock your system afterward.

YubiKey 5 Nano

The YubiKey 5 Nano is a compact two-factor authentication (2FA) security key that connects via USB-A. It offers an extra layer of protection when logging into your Windows 10 or Windows 11 device, alongside other operating systems like macOS and Linux.

To set up the YubiKey 5 Nano with Windows 10, you need to ensure the following:

• Your Windows 10 version is 1607 or later, with build number 14393.321 or above.
• CCID mode is enabled on the YubiKey.
• Your user account is local or cloud-based.
• Your local security policy is set to allow companion devices for secondary authentication.
• You have set a PIN for the user who will be using the YubiKey.

Once the prerequisites are met, you can set up the YubiKey 5 Nano by following these steps:

• Download and install the YubiKey for Windows Hello app from the Windows app store.
• Launch the app and access it from the Start menu: Start > All Apps > YubiKey for Windows Hello.
• If you need to uninstall the app, go to the Start menu, right-click on the application, select Uninstall, and follow the on-screen instructions.
• For Windows Pro or Enterprise, enable the "Allow an assistive device for secondary authentication" option in the Local Security Policy settings. If your organisation manages your security policy, consult your system administrator to make this change.

The YubiKey 5 Nano can also be used with Windows 11. You can store Windows Hello for Business passkeys inside Windows 11 natively without requiring additional hardware.

Frequently asked questions