Security Key

When setting up Passwordless security key sign-in Windows and attempting to sign-in to the first machine you have setup (although it could be any machine!) you may encounter the error:

Your credentials couldn’t be verified. (code: 0x000006d, 0x0)

This error message appears even though you can sign-in with the key to AzureAD and other web services.

The cause is likely to be the account you are testing with is a member of the Domain Admins (or a similar) privileged security group, I keep bumping into this one but can’t find the source article where I first read this. If I manage to find the article I’ll post a link!

UPDATE 31/01/2024: It appears there is a way to overcome this issue with a modification of Active Directory objects described at: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-authentication-passwordless-faqs#fido2-security-key-sign-in-isnt-working-for-my-domain-admin-or-other-high-privilege-accounts-why


Today I had the pleasure of presenting at the Oxford ICTF Conference on Multi-Factor Authentication and Password Stores with Smart Cards and YubiKeys, the video recording is online now here – https://youtu.be/WGtCxS2YFNA and the presentation can be downloaded through the link below.

A special shout out goes to the Yubico press office for providing a set of YubiKey 4s, YubiKey NEOs and Security Keys which helped fuel a very lively Q and A session!

  Presentation.pdf (5.5 MiB, 3,418 hits)