I do hope that I did not miss it if this has already been answered. Searching for “FIDO U2F button” did not yield results with relevant information.
I am new here and have been watching Nitrokey development on and off for some time now. A while back I received the newsletter about the FIDO U2F. Having read the facts sheet I am a bit confused. It says:
Nitrokey FIDO U2F stores your cryptographic key in a cryptoprocessor so that it remains secure even if the device is stolen, and in the event of attack using laboratory devices.
On the other hand:
Configuration and use is very easy with just the push of a button.
Doesn’t that button defeat any hardware or other protection of the key? My thinking here is that the attacker/thief could just press that button and have my one factor of the two factor authentication “compromised” that way. They don’t need to extract anything from it. They would simply use it as if they were me, effectively downgrading the authentication to plain old password protection.
I must be missing something, so any information that helps me understand would be greatly appreciated.