Extend your passwordless journey to device login

Okta Device Access now supports passwordless login and FIDO2 YubiKeys for Desktop MFA

Despite all the talk of driving workers back into the office, most companies still offer remote and hybrid work arrangements. According to a report from McKinsey, 56% of employees work at least part-time away from the office and 7% work fully remotely.

That means most organizations continue to face the challenge of extending security standards to all machines, regardless of location or operating system. In fact, up to 97% of organizations allow at least some employees to access their laptops and desktops with only a username and password. And we all know the low bar passwords set when it comes to security!

The trouble with passwords

Improperly secured devices are points of enterprise vulnerability that can lead to data loss, business disruption, and reputational damage. Traditionally, multi-factor authentication (MFA) and passwordless login have secured application access, but now both are also emerging as critical solutions for securing device access.

However, Okta-sponsored research through Foundry found that, as of early 2024, only a quarter of organizations have deployed enterprise-wide desktop MFA or desktop passwordless login.

Passwordless is the future

Passwordless login is a more secure form of authentication that can help increase desktop MFA adoption by improving the user experience during device login. We strive to provide the most secure login methods for all users and their devices through Okta Device Access.

That’s why we’ve enabled organizations to leverage our native Desktop MFA feature to extend a passwordless experience to device login and broadened our supported factors to include FIDO2 YubiKeys.

Eliminating passwords from OS login

Okta Device Access offers Desktop MFA to secure your workforce’s first vulnerable touchpoint — device login. Desktop MFA empowers you to drive stronger authentication at first login and meet security compliance requirements. But now, you can also reduce login friction by enabling passwordless desktop access without sacrificing security.




Available now for Early Access through Desktop MFA for Windows, you can remove the password prompt for end users to log in to their Windows computers without entering a password. Instead, when users have internet access, they can log in using Okta Verify push notifications, alongside biometric authentication, on their phones.

We highly encourage admins to enforce user verification with biometrics to maintain two-factor authentication. Please refer to the product documentation to learn more about enabling passwordless login and biometric authentication.

Admins can also require end users to address Okta Verify push notifications with a number challenge. An Early Access feature to enforce push notifications with a number challenge is now available for Okta Device Access, regardless of the tenant-wide setting. Read the product documentation to turn on this feature.

This is just the start of how Okta will support a passwordless experience across device and application access touchpoints. Start minimizing the usage of passwords today to provide a seamless but secure user experience to your workforce.

High-security assurance authentication with FIDO2 YubiKeys

Desktop MFA is integral to any Zero Trust security approach, to the extent that many cyber insurance providers and security compliance requirements specifically call for enterprise-wide deployment of MFA for both applications and devices. Okta Device Access provides Desktop MFA for Windows and macOS with support for various factors to enable online or offline access to devices.

Now available for Early Access, Desktop MFA for macOS supports all FIDO2 YubiKey models (i.e., YubiKey 5 Series and Security Key Series by Yubico) for authenticating into Apple computers with online access. Support for offline access will follow shortly when this feature is Generally Available this summer.

FIDO2 YubiKeys for Desktop MFA for Windows will also be available later this year with online and offline access and support for FIDO2 Yubikeys in passwordless authentication flows. This is in addition to the current support of OATH YubiKeys versions 5.0 and up for offline Windows access.


By extending high-security assurance authenticators like FIDO2 YubiKeys to the device login touchpoint, Okta Device Access introduces another secure and low-friction path for end users to log in to their macOS devices. To enable Desktop MFA for macOS support for FIDO2 YubiKeys, please find the latest version of Okta Verify for macOS and refer to the product documentation.

More to come with Okta Device Access

Our vision for Okta Device Access is to deliver a unified and secure passwordless access management experience across all touchpoints, from devices to applications.

Okta Device Access brings the best of Okta’s simple, secure authentication experience to the point of device login for Windows and macOS computers. It improves the user experience by allowing users to securely access all their work resources simply by signing in to their computers with their passwordless credentials, enabling them to access their work more safely and quickly.

To deliver secure access at every login touchpoint and a seamless user experience, we plan on a lot more innovation with Okta Device Access. Stay tuned for news of additional product enhancements! In the meantime, to learn more about Okta Device Access, visit the webpage and read the solution brief!