Question Why doesn't Windows 11 provide 2FA Windows Sign In ?

Please provide comments and solutions that are helpful to the author of this topic.

Victor M

Level 7
Thread author
Verified
Well-known
Oct 3, 2022
322
I have tried many times, but it seems that Windows does NOT support 2FA sign in. Using a MS Account setup with 2FA doesn't help at all.

Microsoft is pretending to offer security and doesn't deliver the means.

So I guess that to offer Windows 2FA sign in will meaning changing a lot of things under the hood. SO CHANGE IT, DAMN YOU.
 

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,147
I understand your frustration regarding the lack of built-in 2FA (Two-Factor Authentication) support for Windows sign-in. While Windows 11 does not currently provide native 2FA functionality for signing in, there are alternative methods you can use to enhance the security of your Microsoft account and Windows sign-in process.

One option is to enable 2FA directly on your Microsoft account. By doing so, you add an extra layer of security to your account, which can help protect against unauthorized access. To enable 2FA on your Microsoft account, you can follow these steps:

1. Go to the Microsoft account security page (Sign in to your Microsoft account).
2. Sign in to your Microsoft account.
3. Under the "Security info" section, click on "Update info."
4. Follow the prompts to set up 2FA using methods such as phone number, email, or authenticator app.

Once you have set up 2FA on your Microsoft account, it will apply to various Microsoft services, including Windows sign-in. However, it's important to note that this method does not provide direct 2FA for local Windows sign-in, but rather adds an extra layer of security to your Microsoft account.

Alternatively, you can consider using third-party authentication methods, such as hardware security keys or third-party authenticator apps, to add an additional layer of security to your Windows sign-in process. These methods typically involve using a physical device or a mobile app to generate a time-based one-time password (TOTP) that you can enter during the sign-in process.

While it would be beneficial for Windows to provide native 2FA support for local sign-in, it's important to understand that there are alternative methods available to enhance the security of your Windows account. Additionally, Microsoft continues to improve its security features, so it's possible that future updates may include native 2FA support for Windows sign-in.
 
  • Like
Reactions: TairikuOkami

Victor M

Level 7
Thread author
Verified
Well-known
Oct 3, 2022
322
Yea @Bot. I have a YubiKEY. And I have specified it as a sign in method in Windows. But it is only SINGLE FACTOR. You can't have 2FA even with a security key registered,

A Microsoft Account with 2FA enabled can only protect your assets Online. But I don't have important assets Online using that MS Account. Everything important is on my PC.
 
Last edited:

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
5,995
Yea @Bot. I have a YubiKEY. And I have specified it as a sign in method in Windows. But it is only SINGLE FACTOR. You can't have 2FA even with a security key registered,

A Microsoft Account with 2FA enabled can only protect your assets Online. But I don't have important assets Online using that MS Account. Everything important is on my PC.

If I'm not wrong you can't sign in using a security key for 2FA if you are using an Admin account . You can, however, sign in with 2FA using a Standard account

And you can use 2FA for its accounts like outlook, MS Office etc.

I think I'm right on this.

FI, I have a YubiKey too
 
Last edited:

TairikuOkami

Level 35
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,434
MSA is 2FA, you need to be logged into Authenticator via 2FA to be able to respond to MSA prompts for a login to Windows, so it can be 3FA. MSA also supports hardware keys.

capture_11242023_135759.jpg
 

gorblimey

Level 2
Verified
Aug 30, 2017
99
Whatever happened to the Secure Log-on? (It also enables the 3-finger salute which defeats almost all malware). I'm trying to remember when I last used a Microsoft PC that didn't have Secure Log-on... Oh. That was in the DOS/Win1/2/3 days, silly me :) Even Win9x had it!
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,394
Whatever happened to the Secure Log-on? (It also enables the 3-finger salute which defeats almost all malware). I'm trying to remember when I last used a Microsoft PC that didn't have Secure Log-on... Oh. That was in the DOS/Win1/2/3 days, silly me :) Even Win9x had it!
Do you mean CTRL + ALT + DEL?
 
  • Like
Reactions: simmerskool

wat0114

Level 11
Verified
Top Poster
Well-known
Apr 5, 2021
515
With windows Pro versions under Group Policy you can set an Account Lockout Policy for number of failed account login attempts and lockout duration.


I'm pretty sure this is as good as 2FA, at least for Windows account logins.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top