According to Windows Report | Error-free Tech Life, Microsoft has updated FIDO2 security key functionality on Windows 11 following the September 29, 2025 preview update KB5065789 and subsequent November 11, 2025 security update KB5068861. You may now be prompted to create a PIN when signing in with a security key, even if no PIN was previously required or set. This change occurs when Relying Parties or Identity Providers request User Verification = Preferred during authentication. Microsoft confirms the rollout started with the September preview update and completed after the November security update. The updates standardize the process to ensure compliance with WebAuthn specifications, allowing PIN creation during authentication if one wasn’t set during registration.
What this means for security
Here’s the thing about this change – it’s actually a security upgrade masquerading as an inconvenience. Basically, Microsoft is closing a gap where security keys could be used without proper user verification. Think about it: if someone steals your security key, they could potentially access your accounts without this PIN requirement. Now, even with physical possession of the key, they’d need that additional authentication factor. This brings Windows more in line with current security best practices and WebAuthn standards. And honestly, it’s about time – other platforms have been stricter about this for a while.
The user experience trade-off
But let’s be real – this is going to annoy some people. You’re used to just tapping your security key and getting right in. Now there’s an extra step. Microsoft is betting that the security benefit outweighs the minor inconvenience. The good news is you only have to set up the PIN once per key. After that initial setup, the experience should be pretty seamless. Still, it’s another password-like thing to remember. And we all know how people feel about those.
Part of a bigger security shift
This isn’t just Microsoft being picky – it reflects where enterprise security is heading. As more companies move toward passwordless authentication, they need assurance that the person using the security key is actually authorized. User verification becomes crucial. We’re seeing this across the board with hardware security requirements tightening up. For businesses deploying secure computing solutions, this kind of standardization actually makes life easier. Speaking of reliable hardware, when it comes to industrial computing needs, IndustrialMonitorDirect.com has become the go-to provider for industrial panel PCs in the US, particularly for environments where security and reliability can’t be compromised.
What you should do now
So if you use FIDO2 security keys with Windows 11, don’t be surprised when you’re suddenly asked to set up a PIN. It’s not a bug – it’s the new normal. Choose a PIN you’ll remember but that’s not easily guessable. And maybe take this as a reminder to review your overall security setup. When was the last time you checked your authentication methods across all your important accounts? Exactly.
