FIDO2

PIN Bypass in Passwordless WebAuthn on microsoft.com

This blog post is currently not listed publicly!

While implementing FIDO2 and WebAuthn support in our Hardware Security SDK, we found a way to bypass the PIN when logging in on microsoft.com.

What is FIDO2/WebAuthn?

FIDO2/WebAuthn is an open standard, supported by browsers and driven by tech companies such as Google and Microsoft. Many websites have already adopted the FIDO standard for two-factor authentication. This means that, in addition to a password, a login requires a FIDO hardware device, such as a YubiKey.

Version 4 with WebAuthn/FIDO2 Support

Hardware Security SDK version 4.0.0 has been released. It supports the WebAuthn standard, which is part of the FIDO2 set of standards. Finally, we bring passwordless WebAuthn logins to Android, working with security keys and smartcards over NFC and USB.