Share this article
Improve this guide
Everything you wanted to know about YubiKey for Windows Hello
4 min. read
Published onApril 10, 2017
published onApril 10, 2017
Share this article
Improve this guide
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
In this article
Toggle
Windows Hellois one of the understated highlights of Windows 10. The ability to use biometrics to validate my identity for access to my Windows 10 devices is what my science fiction dreams were made of.
I use both iris recognition as well as fingerprint recognition in conjunction with Windows Hello on my Windows 10 devices. It’s seamless, and secure. Also, there’s no need to remember complex passwords or worry about someone watching me typing the password over my shoulder.
What is a YubiKey?
Last year, Windows 10 Anniversary Update introduced expanded user verification options and standards-based authentication with Windows Hello. Windows 10 supports both key-based and certificate-based authentication.
Key-based authentication is equal to the FIDO model of public key cryptography while certificate-based authentication relates to public key infrastructure (PKI). The former is a great proposition for enterprises that don’t use PKI or want to minimize reliance on certificates.
Founded in 2007, Yubico introduced YubiKey, a versatile authentication device. It supports many standards-based authentication protocols for host-based and cloud-based services, like Dropbox for example. Now, YubiKey enables the FIDO ecosystem for Windows 10 users.
YubiKey for Windows Hello
Interestingly, to use a YubiKey for Windows Hello authentication, you don’t need to use the built-in Windows Hello settings but download a separate app – YubiKey for Windows Hello – from the Windows Store.
Built on the Windows Companion Device Framework, it’s a pretty straightforward app that takes you step by step to register your YubiKey, and get it working with Windows Hello. Once done, you can just walk up to your device and plug in your YubiKey. It will authenticate your identity and log you into Windows 10. The app allows you to register a maximum of four YubiKeys per account.
While registering for Windows Hello, the CCID mode must be enabled on the YubiKey. CCID is enabled by default on all YubiKey 4 devices. Some older YubiKey NEOs do not have it enabled, and you can enable the CCID mode using the YubiKey NEO Manager.
Using YubiKey on Windows 10 devices
Once set up, YubiKey is recognized as a companion device for Windows Hello. So, it doesn’t just work for logging on to Windows, but also for apps that use Windows Hello authentication, like OneDrive orEnpass. It’s pretty neat, really. It’s also quite handy to allow a friend or colleague temporary access to your machine without sharing the password.
While a YubiKey can be tied to only one account on a device, however, I could use it on multiple devices with multiple accounts. I could use the same YubiKey on my Surface with my Microsoft account as well as on my wife’s laptop with her account.
There are some limitations though. The Windows 10 device doesn’t log off the user if the YubiKey is pulled out. It’s not incorrect to assume that since the key is used to validate my identity on Windows 10, removing it should lock one out. However, that doesn’t happen, and you’d have to lock the system manually or let the Windows 10 lock itself as is configured.
Also, there is no way to compulsorily require YubiKey to unlock the system. You can always access your account using your PIN or password.
Summary
There are several YubiKey variants available. I got the YubiKey 4 ($40) as well the YubiKey 4 Nano ($50). While the Nano variant is obviously smaller in size, and almost doesn’t protrude once it’s inserted in the USB port, it’s a tad inconvenient to pull out. The YubiKey 4 is similar to any slim pen drive out there, and fits just right amongst a bunch of keys in a key ring.
There’s also another YubiKey NEO ($50) that is slower than the YubiKey 4. It’s a known issue, and Yubico recommends users to swipe the screen or press any key rather than tapping the YubiKey.
YubiKey is a very handy device to enable Windows Hello on your Windows 10 devices. The setup is easy, and getting started is seamless. While organizations can sure deploy YubiKeys for their employees, it’s also an affordable and useful authentication device for regular users.
Radu Tyrsina
Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time).
For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web.
Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they’re looking for.
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Radu Tyrsina
