And what do you do when your key is broken or lost? Because that will happen.

quickthrower2 · on Dec 23, 2022

Backups! Copy of key at friends house.

taeric · on Dec 23, 2022

If it is copiable, how would you know if it had been compromised?

My understanding is that backup keys should not be identical for that reason. Let's you revoke and audit use.

As such, having a backup has to be accessible so that you can register it places. There are tricks, but they only work in certain scenarios. Mostly not in the fido use cases.

mr_mitm · on Dec 23, 2022

So that the friend, or someone who steals from the friend can impersonate me?

Proving your identity when you lost your proof of identity is still an unsolved problem if you ask me. At least in general, it seems that there is no one solution that works for everyone.

upofadown · on Dec 23, 2022

Put a PIN on it...

You can remove the PIN later. The hardware key can be set up to wipe the device after, say, 10 incorrect guesses.

taeric · on Dec 23, 2022

If it can be wiped on incorrect pin usage, you can be maliciously locked out of accounts relatively easily.

upofadown · on Dec 23, 2022

Then you are going to know that the friend was messing with your hardware key. Better that than finding out they are willing to betray you by stealing from you.

quickthrower2 · on Dec 23, 2022

Only if that key is the only factor.