Real FIDO(2) Usage?

For that one should have 2 devices, both registered to same service, and the second would act as backup. FIDO specifically argues against cloning device secrets.

Edit: discussed in: Backup / Restore U2F secret?

Nitrokey FIDO U2F or FIDO2 devices can’t be cloned. The reasons are:

  1. FIDO specifications demand non-clonable devices. Instead the approach to deal with defect or lost devices is to configure multiple devices (or other means of two-factor authentication) to your accounts. This allows to recover your accounts in case of loss or defect. This approach has the disadvantage of additional effort which becomes increasingly more effort the larger the amount of accounts.
  2. If we would violate FIDO’s specification and provide clonable devices we would introduce the following risk: An attacker could buy a few Nitrokeys, initialize them and clone them and provide them to his target claimed as ordinary FIDO devices. His target would potentially use them because he couldn’t distinguish them from uncloned devices (or doesn’t know about cloning at all). It’s a kind of man-in-the-middle attack for which we couldn’t find a good solution yet.

We would prefer a better vendor-independent and officially specified solution to this challenge. We are following such developments but as of now there isn’t another “official” solution yet. Nevertheless we might change our mind in the future, if there doesn’t emerge a better “official” solution soon.

Ok, at least a possibility for a solution. I think to get rid of passwords would be great. Currently my only concern is, that the FIDO2 will not be supported by all devices I have: e.g. iPad and iPhone might be a trouble maker, while iMac, MacBook and all my FreeBSD Server / Pi will work fine

Yeah, ash on my head - I pull back my “clone” request. I thought more on something like the DKEK Shares like used with HSM. So you could make backups and restore on a different FIDO2 in case of a broken token.

The thing is, that every scheme restoring the same secret on another device is an attempt of cloning, which FIDO wants to detect on the server side (by checking the usage counter’s value difference), and this is a feature of the standard. One can of course ignore that, but cannot then call the product compliant with the specification’s design.

Ok, ignoring a spec is not always a good idea - extending it would be ok. So it might be either good to influence and try to change the spec for a generic backup purpose or just make it clear, that back needs to be done by a second type of device. I am good with that.