In both cases, Microsoft stresses that the system won't easily fall prone to phishing attacks or malware, since it requires an indication that you were present and used a "local gesture" (such as a face scan or PIN code) to login.

This won't work beyond personal accounts for a while. Microsoft plans to preview the feature for both educational and work accounts in early 2019, when organizations can grant permission to set up individual security keys. There's no explicit promise of support outside of Edge and Windows, but Microsoft said FIDO2's password-free lifestyle would "hopefully" be available elsewhere in the future.