Key questions about FIDO2 support on Trezor devices

FIDO2 Questions Spark Community Engagement | Trezor Users Seek Clarity

By

Rahul Patel

Apr 24, 2025, 03:59 PM

Edited By

Raj Patel


A rising tide of inquiries is swelling among individuals considering FIDO2 support features in Trezor devices. As users dive into the technical specifics, many express confusion over backup processes and security measures, prompting a call for insights from the community.

Backup Options in Question

Users are leveraging the command line tool trezorctl fido credentials list for backing up credentials. However, uncertainty lingers regarding whether the command trezorctl fido credentials add supports counters for resident credentials. "Backup isn't just adding multiple devices; it's about secure restoration, especially with resident credentials," one user stated.

PIN Authentication and Device Compatibility

The debate extends to PIN requirements for authentication when Identity Providers (IdPs) seek user verification. A community member noted that "PIN is mandatory for all FIDO2 models, but entering it every few minutes can be a hassle."

Interestingly, questions arose regarding consistency in PIN support across resident and non-resident credentials. Responses indicate support is maintained. However, "Forcing a PIN requirement even when not requested by the IdP isn't currently an option," reflecting disappointment among potential buyers.

Security Measures

Security disputes center around the storage of secrets on Trezor devices. Comments suggest that while credentials are encrypted with keys derived from a user's seed, the Secure Element may not offer the expected level of trust for storing sensitive data. One user expressed concern: "The Secure Element is not reliable for holding user secrets; it merely provides a decryption salt."

Key Insights

  • 🔑 Backup complexities: Users must manually handle FIDO2 credential backups. An automated option is still lacking.

  • 🗝️ PIN requirements: Consistent across models, but handling and timing are challenging.

  • 🔒 Security skepticism: Concerns about the scope and reliability of the Secure Element for sensitive data management.

In essence, while many find Trezor a viable choice, the absence of user-friendly backup solutions raises eyebrows. "Is there a better option out there for those of us focused on efficiently managing credentials?" As discussions continue, users are left wondering if other devices might meet their needs better.

Stay tuned for more updates as community feedback evolves.