Starting today, users can use hardware security keys manufactured by Swedish company Yubico to log into a local Windows OS account.
After more than six months of testing, the company released today the first stable version of the Yubico Login for Windows application.
Once installed on a Windows computer, the application will allow users to configure a Yubico security key (known as YubyKey) to secure local Windows OS accounts.
The Yubico key will not replace the Windows account password but will work as a second authentication factor. Users will have to enter their password, and then plug in a Yubico key into a USB port to finish the login process.
Yubico hopes the keys will be used to secure high-value computers storing sensitive data that are used in the field, away from secured networks. Such devices are often susceptible to theft or getting lost.
If the devices are not encrypted, attackers have various ways at their disposal to bypass normal Windows password-based authentication. Securing local Windows accounts with a YubiKey makes it nearly impossible for an attacker to access the account, even if they know the password.
Nowadays, Yubico keys are often used to secure online accounts, but a feature most users weren’t aware is that they can also use the keys to secure local OS accounts.
Prior to today, the Yubico Login application had only been available for Mac and Linux users. Support for protecting Windows OS accounts has been one of Yubico’s most requested features.
Yubico said the Yubico Login for Windows app currently works on Windows 7, Windows 8.1, and Windows 10. The app is available from Yubico’s site.
The app does not support local Windows accounts managed by Azure Active Directory (AAD) or Active Directory (AD).
“For computers joined to cloud-based AAD, passwordless authentication with the YubiKey is currently supported in Azure AD preview. For accounts managed by AD, the YubiKey enables authentication as a PIV-compliant smart card (Windows 7+, Microsoft Windows Server 2008 R2+),” Yubico said today.