Sometimes when I try to register using FIDO2, windows asks me for my Windows Hello PIN so that it can authenticate me.
Windows Hello asking for a PIN:
AFAIK this is windows offering to be a "Platform Credential", as-in, the FIDO2 credential is locked to my TPM? Not sure, don't care, I never want to use that, I use a security key, which pops up after I press cancel.
Prompt whether I want to register using security key:
A pin prompt for my security key:
Now, I kinda realize that removing my Windows Hello pin would solve this, but then again, I like the pin, for signing in to windows... Is there a way to just disable the platform authenticator feature and only prompting for my roaming authenticator?
I also think this is rather bad as a UX, since users might have their security key connected, thinking they are using that, but when their computer pops off, all their credentials are gone.
