Community seeks clarity on FIDO2 security questions

FIDO2 Support Sparks Heated Debate Among Trezor Users | Backup and Authentication Issues Emerge

By Ravi Patel, Apr 24, 2025, 04:00 PM. Edited by Naomi Turner.

A Trezor device displaying a security lock symbol, representing FIDO2 security discussions among users.

A growing number of people are turning to Trezor devices for FIDO2 support, but mounting questions about backup processes and user verification are stirring controversy. As users grapple with these challenges, many seek answers from the community.

Context: What's at Stake?

Trezor enthusiasts are debating crucial aspects of FIDO2 integration. Many believe that effective backup and credential management are vital but express concerns about the lack of clarity in documentation. One user asks, "Does trezorctl fido credentials add support the counter for resident credentials?" This reflects broader worries about the technology's usability.

Key Issues Raised

  1. PIN and User Verification: Users question whether a PIN or other authentication can be enforced even when not requested by the Identity Provider (IdP). As one commenter noted, "PIN is required for FIDO2 on all models," highlighting variability across different devices.

  2. Backup Challenges: Many are concerned about the ability to back up their credentials effectively. Notably, one user stated, "If your service relies on a counter, you'll run into trouble as the counters desync." This raises alarms about using multiple devices as backup options.

  3. Model Security Differences: There's also discussion about the security features of different Trezor models. "Devices in the Safe family employ a Secure Element for additional protection layer for user data," reveals one active participant.

"Trezor is a good choice, possibly the only good choice," a user claims, indicating loyalty to Trezor despite its limitations.
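The counter concern from the backup discussion can be made concrete from the relying party's side. The sketch below is an added example, not code from Trezor or from the discussion: it parses the 32-bit signature counter from WebAuthn authenticator data and applies the usual "counter must increase" check. The `RelyingParty` class, the credential name, the RP ID and the counter values are constructed, and the simulation assumes, as the quoted comment describes, that two devices holding the same credential count independently.

```python
import hashlib
import struct


def make_auth_data(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Constructed authenticator data: rpIdHash(32) | flags(1) | signCount(4, big-endian)."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)


def parse_sign_count(auth_data: bytes) -> int:
    """Read the signature counter at byte offset 33 of the authenticator data."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    return struct.unpack_from(">I", auth_data, 33)[0]


class RelyingParty:
    """Hypothetical relying party that stores one counter per credential ID."""

    def __init__(self):
        self.stored = {}

    def verify_counter(self, cred_id: str, auth_data: bytes) -> str:
        received = parse_sign_count(auth_data)
        stored = self.stored.get(cred_id, 0)
        if received == 0 and stored == 0:
            return "ok-no-counter"  # authenticator does not implement a counter
        if received > stored:
            self.stored[cred_id] = received
            return "ok"
        # Counter did not increase: the service sees a possible cloned authenticator.
        return "possible-clone"


def simulate():
    """Primary and backup device present the same credential with separate counters."""
    rp = RelyingParty()
    flags = 0x05  # user present (0x01) | user verified (0x04)
    # Constructed sequence of (device, counter value sent with the assertion).
    events = [("primary", 10), ("primary", 11), ("backup", 3), ("backup", 4), ("primary", 12)]
    return [(dev, n, rp.verify_counter("cred-A", make_auth_data("example.com", flags, n)))
            for dev, n in events]


if __name__ == "__main__":
    for device, count, verdict in simulate():
        print(f"{device:8} signCount={count:<3} -> {verdict}")
```

A service that treats "possible-clone" as a hard failure would reject the backup device until its counter passes the stored value; one that only logs it would let the login through.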

User Sentiment

Sentiment among the crowd is mixed, oscillating between caution and optimism about Trezor's solutions. Some feel stuck and call the backup system inconvenient, while others remain hopeful.

Highlights

  • 🔒 PIN Enforcement: Required for FIDO2 across all models, but varying conditions apply.

  • ⚠️ Backup Concerns: Users warn against potential counter synchronization issues between multiple devices.

  • 💡 Model Security: Enhanced security features are present in Safe family models but may not be universally applicable.

As this situation develops, the community continues to seek clarity on these fundamental issues. Will Trezor address these concerns, or will many users look elsewhere for FIDO2 solutions?