Windows Hello is an excellent and secure way to log into your Windows 10 PC, and it is about to get more secure for some newer scenarios. The reason why? Microsoft just announced that they have added support for FIDO2 security key authentication to Windows Hello.
The Redmond giant now says they're "working to enable" the FIDO2 authentication keys with Windows Hello to allow for easy and secure authentication on shared devices. This is particularly useful in helpdesk scenarios, where a user can log in using the Windows Hello FIDO2 key, instead of a username and password. According to Microsoft:
Security keys allow you to carry your credential with you and safely authenticate to an Azure AD joined Windows 10 PC. A user can walk up to any device belonging to the organization and authenticate in a secure way – no need to enter a username and password or set-up Windows Hello beforehand. Unlike traditional passwords, these keys rely on high-security, public-key cryptography to provide strong authentication. These keys have all the benefits of a Trusted Platform Module (TPM) while also being portable enabling the increasing number of mobile workers.
There are a variety of security key form factors, including USB Security keys, and NFC enabled smart cards and examples include the Yubico security key, and HID security key. Windows Hello FIDO2 Security Key is currently in limited preview, and you can sign up here to join the waitlist.