Problem setting Onlykey duo to register with Windows Hello

I just got my Onlykey duo and I’m trying to setup Windows Hello to use it.
The process is not clear. I managed to have something where Windows was doing something (Wait icon for 5s) , then entering a loop where windows is saying it will reset/wipe the key and nothing is done, and return to config screen and then loop again.
I have tried to move to admin mode but this is not working better.

What is the true procedure to do this setup (if possible)?
Thaks in advance.

Patrice

Hi Sceletus,

Did you ever get a viable solution to this? I’ve read the online documentation extensively and perhaps I’m just missing a step because of expected vs actual verbage, but it seems like there are small pieces of critical information missing from the manual; particularly in the arena of registering my onlykey as a FIDO security key on Windows Hello.

No,

I gave up.

~WRD0000.jpg

Hello,
Can you provide details how you are registering the key. Are you utilizing the web browser and logged into your outlook account?

Sure, I am going to the windows settings app and attempting to register the onlykey in the Windows hello login methods page. It recognizes it and I can even reset it or change my fido pin. I just saw no way to register it for Windows hello.

I did see your instruction for being online in my Outlook account? I’m my case it is a O365 account but same difference to me, all Microsoft.

Is that the secret sauce? You must register the key online through the accounts security page?

Thoughts? Am I missing the point here? I cannot be the only one who’s had issues registering an onlykey as a Windows hello security key.

If i am the only one, I have no business being in the IT business assisting others with their computer problems. Just for reference, I used a Yubikey at a former employer by their instruction, and did not have any issue. I thought by getting what appeared to be a more capable device that I’d have more options. It seems to be a glorified password manager at this point.

For those interested, you must register your onlykey in the online security panel of Microsoft accounts. It cannot be done within Windows.

Microsoft and several other major players apparently allow list only certain vendors, like Yubico and Fortinet, of hardware security keys regardless of features and abilities. Microsoft does not support OnlyKey out of the box, sadly, because the OnlyKey is one of the higher ended keys out there supporting multi-algo PGP, password management (with plausible deniability options) and FIDO2 compliance, imo.

If you’re a Microsoft tenant admin, you can add the aaguid that identifies the OnlyKey certificate buried in the device into your Azure\Entra admin center and then use it - or - you can turn off the attestation feature of the hardware tokens… The latter being half the point of the hardware token. If you’re a public Microsoft user without your own tenant, you’re not gonna get it without Microsoft adding it to their compliant list. Best of luck with that.

Really sucks cause there’s not another USB security key with as much functionality as the OnlyKey. I searched long and hard before buying this one, not realizing that ultimately the places I would be using it have the final say on if I can use it with them or not. Sad face :pleading_face:.