Edited By
Ahmed El-Sayed

A growing group of people is seeking details about FIDO2 support on Trezor devices, raising concerns over the security and backup functions critical to ensuring safe credential management. Questions linger on features like PIN requirements, device compatibility, and backup processes.
Many are curious about how Trezor devices manage FIDO2. A key point of discussion is whether the trezorctl fido credentials list command handles resident credentials effectively. One commenter noted that there is a single counter shared across credentials, as in U2F, but was unsure whether this meets specific needs, stating, "There is a single counter like in u2f; per-credential counters are not supported."
Furthermore, there's debate about authentication when an IdP requests user verification. A user mentioned, "PIN is required for FIDO2 on all models that support FIDO2," emphasizing consistency across devices. However, they also pointed out that forcing a PIN prompt when user verification has not been requested is not currently an option.
Backup and restore capabilities dominate discussions, especially regarding whether credentials can be restored to multiple devices. Users overwhelmingly believe that the fundamental requirement is effective credential management. One remarked, "Trezor is a good choice in this regard, possibly the only good choice," thus highlighting the device's perceived strength despite some limitations in backup solutions.
The security protocols behind the FIDO2 features raised many eyebrows. It remains unclear whether all Trezor models offer the same level of security when it comes to storing secrets. The discussion does make clear, however, that models in the Safe family have an extra security layer, with one user stating, "Devices in the Safe family employ a Secure Element for additional protection layer for user data."
"You'll need to do the backups by hand, there is no ready-made good UX solution to automate it."
FIDO2 Requirements: PIN verification is mandatory across all Trezor devices that support FIDO2.
Backup Limitations: While backup options exist, they're primarily manual, creating potential risks for users lacking technical comfort.
Model Security Differences: Models in the Safe series offer enhanced protection versus standard models, impacting user choice.
Amid these uncertainties, community feedback suggests a significant desire for improved support and UI enhancements to ease the credential management process. As discussions unfold, clarity is essential for prospective buyers contemplating a Trezor purchase.
People continue to explore this technology with cautious optimism. Will Trezor adjust its features to enhance security and usability? Only time will tell, but for now, the quest for answers persists.