Passwords are not enough for a managed Windows sign-in. If a password is phished or reused, the device login can become an entry point to email, files and business applications. A stronger second factor reduces that risk before the user reaches the desktop.
Google has updated Google Credential Provider for Windows to support FIDO2-compliant physical security keys as a second factor. The update also supports passkeys from a nearby Bluetooth-connected mobile device. For organisations using Google Workspace accounts on Windows, this creates a practical route to phishing-resistant sign-in on managed devices.
Blue Chip Technologies should position the feature as an identity rollout, not a hardware purchase. Confirm device and policy compatibility, enrol a pilot group, issue recovery procedures and protect administrator accounts first. Security keys are strongest when the organisation also knows who owns each key, how lost keys are revoked and how emergency access is audited.




