Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,389 questions
FIDO Registration Passwordless - When the page focus is removed from verifying user presence, registration fails
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 30%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Gobinath Mageswaran
1
Reputation point
Hello
We are in the process of implementing FIDO for an organization and currently testing various use cases. i wanted to list down a two I came across and was hoping someone can provide more clarity on the behaviour by explaining this to me or point me to some links to read more about it ( did some digging but not seen any good explanations yet :))
Senario 1
- User logs into aka.ms/mysecurityinfo
- select to register security key
- user is asked to enter a PIN or create a new PIN if he has not already
- user is asked to touch the key to verify presence
on step 4 if i click on another page or click on my open excel/word document and the screen focus is now on this new page and proceed to touch my FIDO key to verify user presence i get an error message saying i am using a private browser session and my key is not registered.
This happens all the time and was wondering why this happens or if its a bug?
Senario 2
The expected behaviour for PIN bad attempts is 4 bad PIN inputs user is asked to remove and reinsert their key. They have another 4 attempts after this.
I have noticed that if i enter 3 bad inputs and proceed to enter the right PIN on my 4ths attempt i am still not allowed to login. I get too many incorrect PIN attempts to remove and reinsert your PIN.
Wanted to know if this is expected and can be changed or a limitation of the protocol?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 33,706 Reputation points Microsoft Employee2021-09-07T20:34:28.297+00:00 I realize this is an old question, but I wanted to check if you are still having this issue? If so, would you be able to share a screenshot of the message you receive?
Sign in to comment