If you have already enabled two-step authentication via SMS or a mobile app, you have the additional option of adding one or more Windows Hello-compatible devices. When signing in from these devices, you can use your fingerprint sensor or facial recognition instead of SMS or a mobile app to complete two-step authentication.
You will not be able to use Windows Hello when signing in from a device that was not added to your account. In these cases, you will need to use SMS or your mobile app to sign in.
If you have not yet done so, first set up two-step authentication by SMS or mobile app.
Go to Start > Settings > Account > Sign-in Options and follow the on-screen instructions to set up Windows Hello. For details, see Microsoft’s documentation.
In your Profile settings under the Two-step Authentication section, click Add authentication step.
Select Use Windows Hello. This option will only appear if your browser supports Windows Hello.
Follow the instructions displayed in the pop-up window to set up Windows Hello.
Next, enter a name for your Windows Hello device. This will help you tell them apart if you add multiple such devices.
The next time you sign in, you will be prompted to use Windows Hello for two-step authentication. Follow the instructions on the screen to login. You can still cancel and opt to use a verification code instead, either through SMS or a mobile app.
Windows Hello is supported through WebAuthn, which requires a modern browser.