FIDO2 lock screen on removal of a USB-key
Ok, here is a real-world problem: My company decided to force users to use smartcards and Feitian FIDO-keys to logon on our domain computers with no option to use passwords. I will not mention all the other problems that came up, especially with IT-stuff who couldn’t help remotely any of the regular users without smartcards connected to accounts with local-admin privilege. But that’s another story. My company bought a couple of thousand Feitian FIDO2 compatible keys that are supposed to be used by our domain users for MFA. Nice. Nobody thought about how those keys are treated by Windows. They are NOT smart cards, if you remove the key nothing will happen, you're still logged on until the screensaver kicks and locks the screen, all depending on your group policy. The problem is that people who ordered this solution took for granted that Feitian FIDO-keys (or any other USB-based solution like YUBI-key) would lock the computer as soon as the user pulled