fmeum / WearAuthn

Use your Wear OS watch as a FIDO2 security key via Bluetooth and NFC.
https://play.google.com/store/apps/details?id=me.henneke.wearauthn.authenticator
MIT License
183 stars 7 forks

Using App with Windows Hello #1

Closed brukberhane closed 4 years ago

brukberhane commented 4 years ago

[Screenshot: Annotation 2019-12-02 225719]

I found that I couldn't set up the app with Windows Hello. If I tried to connect through the settings, it would just try and wipe the key over and over again. And if I tried adding the security key over the web it would just say I can't use that security key. It says you had this working on Windows 1809, I'm currently on 1909. Is this broken or is it something I did wrong?

fmeum commented 4 years ago

I suspect that something broke due to the update and will look into it.

Could you tell me your watch model and the current Android OS version on your watch (Settings -> System -> About -> Version -> Android OS)?

brukberhane commented 4 years ago

I'm using a Ticwatch Pro 4G/LTE, Android System Version H (I'm not sure what the H corresponds to in version codes...). Anything else I can help with?

fmeum commented 4 years ago

Thanks, that is all the information I need right now. I will try to reproduce this problem on my watch.

fmeum commented 4 years ago

I just used the Play Store version with Windows 10 Build 1909 and found that everything worked as before. Local sign-in via Windows Hello is currently not implemented, but authenticating in a browser should of course work.

Could you maybe try to register and then authenticate on https://webauthntest.azurewebsites.net with all default settings using Chrome/Chromium and let me know how this goes?

If it should turn out that everything works with my Fossil Sport but doesn't with your Ticwatch, I would provide you with a test build that may have better compatibility.

brukberhane commented 4 years ago

The microsoft.com website keeps giving me the error from before. I've tried with Chromium Edge and Chrome itself... Maybe I should try the test build you have? And on another note, why isn't Windows Hello implemented?

fmeum commented 4 years ago

Have you tried it on https://webauthntest.azurewebsites.net/? In case you want to try out the password-less login, have you enabled single-factor mode from WearAuthn's main menu first?

Windows Hello uses the hmac-secret extension of the FIDO2 protocol, which is designed to be used with low-power authenticators (such as simple USB tokens) without displays or input devices. Therefore, it relies on the user supplying a PIN. But the whole purpose of WearAuthn is that you should not have to remember yet another PIN/password since the watch can already verify it's you via the screen lock. I am thinking about how to get around this PIN requirement though.
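
An added illustration of the hmac-secret and PIN discussion in the comment above (not part of the thread and not WearAuthn code): a CTAP2 authenticator reports its extensions (map key 2) and options such as `clientPin` and `uv` (map key 4) in its authenticatorGetInfo reply, and this sketch decodes such a reply to show which of them are advertised. The function names are hypothetical, and the sample bytes are constructed by hand with a zeroed placeholder AAGUID, not captured from any watch.

```python
def cbor_decode(buf, pos=0):
    """Decode one CBOR item; subset sufficient for GetInfo (no tags, no floats)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if major == 7 and info in (20, 21):          # simple values false / true
        return info == 21, pos
    if info < 24:
        arg = info
    elif info <= 27:                             # 1, 2, 4 or 8 byte argument
        size = 1 << (info - 24)
        arg = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    else:
        raise ValueError("indefinite-length items are not valid in CTAP2")
    if major in (0, 1):                          # unsigned / negative integer
        return (arg if major == 0 else -1 - arg), pos
    if major in (2, 3):                          # byte string / text string
        raw = buf[pos:pos + arg]
        if len(raw) != arg:
            raise ValueError("truncated string")
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major in (4, 5):                          # array / map
        items = []
        for _ in range(arg * (major - 3)):       # a map holds 2 items per entry
            item, pos = cbor_decode(buf, pos)
            items.append(item)
        return (items if major == 4 else dict(zip(items[::2], items[1::2]))), pos
    raise ValueError(f"unsupported CBOR major type {major}")

def summarize_get_info(response):
    """Report hmac-secret, clientPin and uv from a raw GetInfo response."""
    if response[0] != 0x00:                      # first byte is the CTAP2 status
        raise ValueError(f"authenticator returned status 0x{response[0]:02x}")
    info, _ = cbor_decode(response, 1)
    options = info.get(4, {})
    # Option values: None = not supported, False = supported but not set up,
    # True = set up and usable.
    return {
        "hmac_secret": "hmac-secret" in info.get(2, []),
        "client_pin": options.get("clientPin"),
        "built_in_uv": options.get("uv"),
    }

# Constructed sample: versions, extensions, zeroed AAGUID, options {rk, uv}.
SAMPLE = (
    b"\x00\xa4" b"\x01\x81\x68FIDO_2_0" b"\x02\x81\x6bhmac-secret"
    b"\x03\x50" + bytes(16) + b"\x04\xa2\x62rk\xf5\x62uv\xf5"
)
```

For the constructed sample, `summarize_get_info(SAMPLE)` reports `hmac_secret` as `True`, `client_pin` as `None` and `built_in_uv` as `True`, i.e. an authenticator that verifies the user itself and has no PIN support.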

fmeum commented 4 years ago

I have learned that logging into your Windows (not Microsoft.com) account with a FIDO2 security key is not (yet) supported for non-AAD devices: https://superuser.com/a/1481214

I also tried out WearAuthn with Microsoft.com again and indeed get the error you took a screenshot of if I haven't enabled single-factor mode from WearAuthn's main menu. I will close this for now, please reopen if enabling single-factor mode should not fix this for you.

JakeFrosty commented 2 years ago

Is there a test build for Ticwatch yet? I'm having a similar problem with the Ticwatch Pro 3 GPS, and I just bought a Bluetooth dongle just to try it..

fmeum commented 2 years ago

@JakeFrosty Do you see the app in the Play Store? I could send you the APK, but if you don't see it, I doubt it would work.

JakeFrosty commented 2 years ago

Yes, I can see it and have it installed, but Bluetooth doesn't work unfortunately, only NFC on phone.