
Microsoft Security Keys May Require PIN After Recent Windows Updates

Microsoft has confirmed that FIDO2 security keys on Windows 11 may now prompt users to set up a PIN during authentication following specific recent updates, aligning with WebAuthn standards for enhanced user verification.

The change began with the September 29, 2025, preview update KB5065789 for OS Builds 26200.6725 and 26100.6725, rolling out gradually to Windows 11 devices.

Deployment completed after the November 11, 2025, security update KB5068861 for OS Builds 26200.7171 and 26100.7171, or subsequent patches.

| Update ID | Release Date | OS Builds Affected |
| --- | --- | --- |
| KB5065789 | Sept 29, 2025 | 26200.6725, 26100.6725 |
| KB5068861 | Nov 11, 2025 | 26200.7171, 26100.7171 |

This affects sign-ins where a Relying Party (RP) or Identity Provider (IDP) requests User Verification set to “Preferred” for keys lacking a PIN.

The requirement enforces the WebAuthn specification, in which User Verification (UV) proves user presence via PIN or biometrics. UV levels are Discouraged (no PIN needed), Preferred (prompts for PIN setup if the key is capable), and Required. Previously, PIN setup occurred only during registration; the updates extend this to authentication flows for consistency.

FIDO2 keys enable passwordless authentication via USB, NFC, or Bluetooth, and are gaining traction as a defense against phishing and credential theft. The shift surprises users whose keys have no PIN registered, because platforms must now comply by starting PIN setup automatically when “preferred” is specified.

Mitigations

RPs or IDPs can avoid PIN prompts by setting “userVerification” to “discouraged” in PublicKeyCredentialRequestOptions. Microsoft emphasizes this as deliberate compliance, not a bug. Users should check Settings > Accounts > Sign-in options > Security Key to manage PINs after the update.

Enterprises relying on FIDO2 for MFA face workflow disruptions if unprepared, especially in passwordless setups. Security vendors like Yubico note similar unexpected prompts in prior patches.

While improving adherence to standards, the change requires config reviews for seamless adoption. No rollback exists, but “discouraged” UV restores prior behavior.
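The mitigation described above, as an added example that is not code from Microsoft or from this article: a relying party builds PublicKeyCredentialRequestOptions with an explicit userVerification value, then reads the UP and UV flag bits in the returned authenticatorData to see what the assertion actually proves. The function names, the rpId "login.example.test" and the sample bytes are assumptions constructed for illustration.

```javascript
// Added example; function names and sample data are hypothetical.
const FLAG_UP = 0x01; // user present (key was touched)
const FLAG_UV = 0x04; // user verified (PIN or biometric was checked)

// Options passed as { publicKey: ... } to navigator.credentials.get().
// `challenge` must be fresh random bytes generated by the server.
function buildRequestOptions(challenge, rpId, uvPolicy) {
  if (!["discouraged", "preferred", "required"].includes(uvPolicy)) {
    throw new RangeError("unknown userVerification value: " + uvPolicy);
  }
  return { challenge, rpId, userVerification: uvPolicy, timeout: 60000 };
}

// authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4) | ...
function parseAuthenticatorData(bytes) {
  if (bytes.length < 37) throw new RangeError("authenticatorData too short");
  const flags = bytes[32];
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  return {
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: view.getUint32(33, false), // big-endian counter
  };
}

// Decide what an assertion proves under the policy the RP requested.
// (Signature, challenge and rpIdHash checks are out of scope here.)
function evaluateAssertion(authData, uvPolicy) {
  const { userPresent, userVerified } = parseAuthenticatorData(authData);
  if (!userPresent) return { accept: false, factors: 0, reason: "UP flag not set" };
  if (uvPolicy === "required" && !userVerified) {
    return { accept: false, factors: 0, reason: "UV required but not performed" };
  }
  // Without UV the key proves possession only; with UV it also proves PIN/biometric.
  return { accept: true, factors: userVerified ? 2 : 1, reason: "ok" };
}

// Constructed authenticatorData: zeroed rpIdHash, given flags, signCount = 7.
function sampleAuthData(flags) {
  const data = new Uint8Array(37);
  data[32] = flags;
  data[36] = 7;
  return data;
}
```

With "discouraged", a touch-only assertion is accepted but counts as a single factor, so an RP using the key as its only credential should check the UV flag before treating the sign-in as multi-factor.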


The post Microsoft Security Keys May Require PIN After Recent Windows Updates appeared first on Cyber Security News.
