For whatever reason I purchased a Nitrokey 3A some time ago. Now I have time to learn how to use it.
I understand that the Nitrokey does enhance security. But what if the Nitrokey becomes faulty? Or gets lost?
Is it possible to copy the content of the Nitrokey to another one as a backup or to another kind of device?
If there is no means for a backup, I just exchange one risk for another. Without the key I will be locked out of everything, right?
The general concept of tokens like the Nitrokey 3 is that they store the secrets so securely that no backup can be made.
Basic idea: if you lose the token tomorrow, the finder can’t access anything; with the wrong PIN, the key locks completely after a few failed tries.
Of course your thought is correct. The concept means you should have a suitable backup method for each secret, at the beginning of use and later. Once you get used to using the Nitrokey, you can decide if you simply get a second one and register it separately (you also can’t back up from one key to the other) with the services, or use other authentication methods. Whatever you choose as backup (second key or methods), you can keep it safe, to rely on when you need the backup.
However, that still doesn’t fully answer why the concept doesn’t allow for backups AFTER ENTERING the corresponding PIN. In my opinion, that would be even more optimal, since for most applications, you could safely use a key, always knowing that a copy of the content is stored safely somewhere.
However, I’m writing this text with complete ignorance of the hardware used and its actual capabilities. Perhaps the hardware simply doesn’t offer these capabilities. Then there might still be potential.