Password-less sign-in with Microsoft account

Nov. 21, 2018

Microsoft turned on the ability to securely sign in with your Microsoft account using a standards-based FIDO2 compatible device, with no username or password required. FIDO2 enables users to leverage standards-based devices to easily authenticate to online services in both mobile and desktop environments.

When you create and register a FIDO2 credential, the device (your PC or the FIDO2 device) generates a private and public key pair on the device. The private key is stored securely on the device, and the public key is sent to the Microsoft account system in the cloud and registered with your user account. When you later sign in, the Microsoft account system provides a nonce to your PC or FIDO2 device. Your PC or device then uses the private key to sign the nonce. The signed nonce and metadata are sent back to the Microsoft account system, where the signature is verified using the public key.
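The registration and sign-in exchange described above, as an added example that is neither Microsoft's code nor the WebAuthn wire format: a simplified Node.js model in which the function names, the `https://login.example` origin, and the use of the origin as the signed metadata are assumptions made here. It also shows why the account system must treat each nonce as single-use.

```javascript
// Added illustration, not Microsoft's code or the WebAuthn wire format; all names are hypothetical.
const nodeCrypto = require('node:crypto');

// Authenticator side: the private key never leaves this closure.
function createAuthenticator() {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // Sign the server nonce together with metadata (assumed here: the origin the client saw).
    signChallenge(nonce, origin) {
      const metadata = JSON.stringify({ origin });
      const signature = nodeCrypto.sign('sha256', Buffer.concat([nonce, Buffer.from(metadata)]), privateKey);
      return { metadata, signature };
    },
  };
}

// Account-system side: stores only public keys and outstanding nonces.
function createAccountSystem(expectedOrigin) {
  const publicKeys = new Map(); // user -> PEM public key
  const pending = new Map();    // user -> nonce awaiting a response
  return {
    register(user, publicKeyPem) { publicKeys.set(user, publicKeyPem); },
    issueNonce(user) {
      const nonce = nodeCrypto.randomBytes(32);
      pending.set(user, nonce);
      return nonce;
    },
    verify(user, { metadata, signature }) {
      const nonce = pending.get(user), key = publicKeys.get(user);
      if (!nonce || !key) return false;
      pending.delete(user); // single use: a replayed response finds no nonce
      if (metadata !== JSON.stringify({ origin: expectedOrigin })) return false;
      return nodeCrypto.verify('sha256', Buffer.concat([nonce, Buffer.from(metadata)]), key, signature);
    },
  };
}

// Constructed walk-through: one valid sign-in, then two responses that must be rejected.
function demo() {
  const rp = createAccountSystem('https://login.example');
  const device = createAuthenticator();
  rp.register('alice', device.publicKeyPem);
  const good = device.signChallenge(rp.issueNonce('alice'), 'https://login.example');
  const accepted = rp.verify('alice', good);
  const replayed = rp.verify('alice', good); // same response again, nonce already consumed
  const wrongOrigin = rp.verify('alice', device.signChallenge(rp.issueNonce('alice'), 'https://lookalike.example'));
  return { accepted, replayed, wrongOrigin };
}
```

Because the account system holds only the public key, a leak of its credential store gives nothing that can produce a valid signature.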