[conorpp]

Typically these keys are designed to be secure against remote attacks (i.e. adverse software on PC can't extract any secrets). If the attacker physically steals the key, he can just use it directly, no need for DPA. So protecting from physical access typically isn't in threat model.

[dagenix]

The problem isn't someone stealing the physical key - yes, if someone does that, they can use it. But, if its your key, and you no longer have it, you'll notice that and can take action. A bigger problem is if someone briefly takes the physical key, clones the digital key, and then returns it to you. Then, you have no idea that its been compromised.

If your use case is that you want them to be secure from a wealthy nation-state - well, thats probably a tall order. What you are probably most interested in is that the cleaning person in your hotel can't clone your key. The thing with digital security, though, is that it real hard / impossible to really define intermediate security levels - what is possible for a nation state to do, may be only a research paper or code leak away from everyone else being able to do.

So, I'd really hope that any serious security key would be designed to defend against physical attacks.

[ecesena]

To echo on Conor's comment, our keys will protect you from online attacks. The one you describe is certainly a threat, but still pretty sophisticate and requires physical contact with the key.

To protect from physical attacks you need stronger devices, for example Yubico now has an entire new line of FIPS certified products. Note that the cost is higher than the FIDO2 usb-a only key.

As Conor mentioned in other places, to obtain stronger hardware we'd need to sign NDAs with vendors, and thus we couldn't make our key open source. Personally, I really hope that this first iteration will be a success, so we'll be able to push the industry for even more open hardware, and eventually we'll be able to address threats like the one you reported.

[jiveturkey]

> to obtain stronger hardware we'd need to sign NDAs with vendors, and thus we couldn't make our key open source.

That's not true. First, you won't even be eligible to sign an NDA with a secure chip vendor. Second, this won't limit you from having your application (running on their chip) subject to the NDA.

[tudorconstantin]

Ledger Nano S protects you against physical theft by having a 4 number pin code. If the pin code is entered wrong 3 times, the device resets itself.

[ecesena]

That's good for a wallet, because misuse would signify loosing money. As these keys are primarily designed for 2fa, the attacker would also need your password to break into your account.

Things may change when 1fa will be more widely adopted, but for the time being we're going to keep it as simple as the "competition" is, i.e. just a button that you press to log in.