If it is copiable, how would you know if it had been compromised?
My understanding is that backup keys should not be identical for that reason. Let's you revoke and audit use.
As such, having a backup has to be accessible so that you can register it places. There are tricks, but they only work in certain scenarios. Mostly not in the fido use cases.
My understanding is that backup keys should not be identical for that reason. Let's you revoke and audit use.
As such, having a backup has to be accessible so that you can register it places. There are tricks, but they only work in certain scenarios. Mostly not in the fido use cases.