Microsoft Windows 11 FIDO2 sign-in may prompt for PIN after WebAuthn-aligned updates

Security Tool/Service
H score 10
1 unique sources, 1 articles

Summary

Windows 11 FIDO2 sign-ins may now prompt users to create or enter a PIN after recent WebAuthn-aligned updates, changing passwordless authentication behavior on managed devices. The change affects version 24H2/25H2 deployments and matters because it can alter how user verification is handled during security-key authentication. Administrators who do not want PIN prompts can set WebAuthn user verification to discouraged.
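How the user verification setting surfaces on the relying-party side, as an added example that is not code from Microsoft or from this page: the request option that drives the PIN prompt, and the flags check on the returned authenticator data. The policy handling, function names and sample bytes are constructed for illustration, and signature, challenge and rpIdHash verification are assumed to happen elsewhere.

```javascript
// Added example. Field names follow the WebAuthn specification; the decision
// logic and the sample bytes are assumptions made for illustration.

// Authenticator data layout: rpIdHash (32 bytes) | flags (1) | signCount (4, big-endian) | ...
const FLAG_UP = 0x01; // user present (key touched)
const FLAG_UV = 0x04; // user verified (PIN or biometric)

// Options the relying party passes to navigator.credentials.get({ publicKey: ... }).
function buildRequestOptions(rpId, challenge, userVerification) {
  if (!["required", "preferred", "discouraged"].includes(userVerification)) {
    throw new RangeError(`unknown userVerification value: ${userVerification}`);
  }
  return { rpId, challenge, userVerification, timeout: 60000 };
}

function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new RangeError("authenticator data must be at least 37 bytes");
  }
  const flags = bytes[32];
  const signCount = new DataView(bytes.buffer, bytes.byteOffset + 33, 4).getUint32(0);
  return { userPresent: (flags & FLAG_UP) !== 0, userVerified: (flags & FLAG_UV) !== 0, signCount };
}

// Server-side view of the flags once the assertion comes back.
function evaluateAssertion(userVerification, authData) {
  const { userPresent, userVerified } = parseAuthenticatorData(authData);
  if (!userPresent) return { accept: false, reason: "user presence flag not set" };
  if (userVerification === "required" && !userVerified) {
    return { accept: false, reason: "UV required but not performed" };
  }
  // preferred/discouraged: possession is shown either way; record whether a PIN was used
  return { accept: true, factor: userVerified ? "key+pin" : "key-only" };
}

// Constructed sample: zeroed rpIdHash, caller-supplied flags, signCount = 7.
function sampleAuthData(flags) {
  const b = new Uint8Array(37);
  b[32] = flags;
  b[36] = 7;
  return b;
}
```

With `discouraged`, a touch-only assertion is recorded as `key-only`, so a relying party that depends on the PIN as a second factor should keep `required` and reject assertions without the UV flag.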

Timeline

  1. 26.11.2025 16:43 1 articles · 6mo ago

    Windows 11 preview update enables FIDO2 PIN prompts

    Technical Analysis Update

    Windows 11 version 24H2 and 25H2 devices that install KB5065789 Preview on September 29, 2025, or later updates in the rollout path, may require a PIN when a relying party or identity provider requests User Verification = Preferred during FIDO2 security-key authentication. Microsoft says the change was added to keep PIN setup consistent across registration and authentication flows and to align the behavior with WebAuthn specifications.

  2. 26.11.2025 16:43 2 articles · 6mo ago

    Microsoft warns of new security-key PIN prompts

    Initial Disclosure

    Microsoft warned on Tuesday, November 26, 2025, that FIDO2 security keys on Windows 11 version 24H2 or 25H2 may prompt users to enter a PIN after installing Windows updates released since the September 2025 preview update. The prompt appears when an identity provider requests user verification during authentication, and organizations that do not want PIN creation or entry can configure WebAuthn user verification as discouraged.