by jeff_marshall 3426 days ago
I disagree that it's undesirable for back-up and restore to be impossible in all cases.

Instead, I would argue that plain-text export of private and secret keys is undesirable, as it removes any protections the HSM was supposed to provide (2 man rule for access, audit of use, etc). Back-up schemes that export these keys (in encrypted form) to another HSM that enforces the same rules as the original HSM can be useful, IMO.

1 comments

I wouldn't personally recommend backing up and restoring 2FA secrets; there's a reason that the printable backup codes you get are one-time-use. But if you're going to do that, don't bother with hardware tokens. I mean, use them if they make you feel cool (I'm not being derisive; there's value in feeling better), but understand that you're effectively turning your hardware token into a software token by doing that.

My point is not that backup and restore is intrinsically evil; it's a legit security/usability tradeoff. I think most people should use software tokens.