
FIDO2 security questions: Trezor device insights

FIDO2 Security Concerns | Trezor Users Seek Clarity

By

Nina Patel

Apr 24, 2025, 04:00 PM


A growing number of people are questioning FIDO2 support and security options in Trezor devices. As they explore backup capabilities and user verification processes, the community remains divided over the documentation's lack of detail.

The excitement around Trezor products is palpable, particularly with their FIDO2 support. However, many are left wondering: what are the real capabilities when it comes to backing up credentials? The core issues center on credential management, PIN requirements, and the security of stored data.

User Experience with Trezor: The Good and the Bad

  1. Backup and Restore: Users expressed doubts about whether the FIDO credential backup process via trezorctl effectively supports resident credentials. The consensus points to a single counter shared by all credentials. Quote: "There is a single counter like in u2f; per-credential counters are not supported."

  2. Security of Credentials: The security of secrets stored on the device was questioned. A member noted, "The Secure Element is not trusted enough to store any user secrets; it just provides a decryption salt."

  3. PIN Configuration: The requirement for PIN entry varies. Users indicated that on supported models, the PIN is needed under specific conditions. It's been reported that this can be a bit cumbersome: "Entering PIN via two-button method every time you want to log in is a huge pain."

Controversy Over Device Model Support

There's lingering unease regarding which Trezor models fully support these features. Members highlighted that only the T & Safe 5 models are optimal for reliable FIDO2 performance, but they lack streamlined backup solutions.

"If your service relies on a counter, you'll run into trouble as the counters desync," cautioned a user.
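
The counter concern above can be made concrete with a small model of the WebAuthn signature-counter check a relying party performs. This is an added example, not Trezor firmware or any project's code; the class names, credential IDs, and the assumption that a restored device starts its counter at 0 are constructed for illustration.

```python
# Simplified model (assumption): not Trezor firmware or any real RP library.
from dataclasses import dataclass, field


@dataclass
class Authenticator:
    """Device with ONE signature counter shared by all credentials."""
    counter: int = 0

    def sign(self, cred_id: str) -> tuple[str, int]:
        self.counter += 1
        return cred_id, self.counter


@dataclass
class RelyingParty:
    """Stores the last signCount seen per credential (WebAuthn-style check)."""
    stored: dict = field(default_factory=dict)

    def verify(self, assertion) -> str:
        cred_id, sign_count = assertion
        last = self.stored.get(cred_id, 0)
        # WebAuthn rule: if either value is nonzero, the new count must be
        # strictly greater than the stored one; otherwise flag a possible clone.
        if (sign_count != 0 or last != 0) and sign_count <= last:
            return "reject: counter did not increase"
        self.stored[cred_id] = sign_count
        return "ok"


def simulate() -> list[str]:
    results = []
    original = Authenticator()
    site_a, site_b = RelyingParty(), RelyingParty()
    # Global counter: site_a sees 1, 3, 5 and site_b sees 2, 4. Gaps are fine.
    for _ in range(2):
        results.append(site_a.verify(original.sign("cred-a")))
        results.append(site_b.verify(original.sign("cred-b")))
    results.append(site_a.verify(original.sign("cred-a")))  # counter = 5
    # Credentials restored onto a second device whose counter starts at 0
    # (constructed scenario): its first assertions carry counts 1 and 2.
    restored = Authenticator()
    results.append(site_a.verify(restored.sign("cred-a")))  # 1 <= 5
    results.append(site_b.verify(restored.sign("cred-b")))  # 2 <= 4
    return results


if __name__ == "__main__":
    for line in simulate():
        print(line)
```

A shared counter passes the check on its own because each site only needs its values to increase; the rejections appear once a second device presents the same credentials with a lower count.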

Key Takeaways

  • 🔒 Users are concerned about the security and backup options of stored credentials.

  • ⏱️ "Entering the PIN at most every 3 minutes is less than ideal."

  • 💡 Only models T and Safe 5 ensure better FIDO2 support!

As the conversation unfolds, many are left pondering: Is Trezor the best fit for their FIDO2 needs, or should they consider alternatives like Yubikeys? While Trezor has loyal supporters, the uncertainty about ease of use and backup solutions could lead some to explore other options.