All news with #webauthn tag

Microsoft: FIDO2 Security Keys May Require PIN on Windows

🔒 Microsoft warned that FIDO2 security keys may prompt users to create or enter a PIN after Windows updates beginning with the September 29, 2025 KB5065789 preview. This behavior affects devices running Windows 11 24H2 or 25H2 when a Relying Party or identity provider requests User Verification set to preferred. Microsoft says the change is intentional to align with the WebAuthn specification, which requires PIN setup when authenticators support user verification. Organizations that want to avoid PIN prompts can set user verification to discouraged in their WebAuthn settings.

Amazon DCV 2025.0 Adds WebAuthn, ARM, and Keyboard Support

🔒 Amazon DCV 2025.0 is the latest release of the high-performance remote display protocol, delivering enhanced security and productivity for virtual desktop and application sessions. The update adds WebAuthn redirection on Windows and browser-based WebAuthn on Linux to enable security-key authentication in native and SaaS apps, plus server-side keyboard layout handling and alignment for Windows clients to improve input consistency. Other improvements include Linux client support for ARM, Windows Server 2025 host compatibility, and scroll wheel optimizations for smoother navigation. See AWS documentation and the DCV product page for full release notes.

Synced Passkeys: Enterprise Risks and Mitigations Guide

🔒 The article warns that deploying synced passkeys introduces enterprise exposure because they inherit risks tied to cloud accounts and recovery processes. It highlights practical attack vectors — including AiTM-based authentication downgrades and malicious browser extensions — that can bypass or capture passkeys. The author recommends mandatory use of device-bound, hardware-backed authenticators and strict enrollment and recovery controls to preserve phishing-resistant access.