by ShakataGaNai 2310 days ago
I got a Solokey as part of the Kickstarter and love em. USB-C + NFC in one device.

The one thing I'd love out of a security key is the ability to set up a "Twinned Pair". So I can have one key on my keychain that I use everyday and one I keep in my safe in case something happens to the primary. Yes, I know some services support multiple security keys - but setting up two is more work and not all services do support two.

2 comments

I definitely would like the requirement to allow multiple keys to be a part of the standard. Allowing it at the key level seems dangerous to me, perhaps, in allowing an attacker to perhaps "clone" someone's key that hasn't set up a pair yet, though of course I'm sure there's mitigations for that if it was seriously proposed!

I have two Yubikeys, one in a safe and one on my person. It saved my butt when I lost access to the one on my person for a few days!

The FIDO2 protocol involves a counter that allows the server to detect cloning of a device :)
The standard is actually designed specifically to prevent that.
So what happens when you lose your key, or it stops working?
You need to have a completely separate fallback. Typically the service will at minimum give you some one-time codes as an alternative for such cases. Many services allow you to register multiple keys or TOTP apps.
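
The counter check mentioned in the thread, sketched as an added example (not code from any commenter or from a FIDO2 library): a relying party reads the signature counter out of WebAuthn authenticator data and compares it with the last value it stored for that credential. The function names, the `example.com` RP ID and the counter sequence are constructed for illustration, and the assertion signature is assumed to have been verified already.

```python
import hashlib
import struct

def parse_auth_data(auth_data: bytes):
    """Split the fixed prefix: rpIdHash (32) | flags (1) | signCount (4, big-endian)."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    (sign_count,) = struct.unpack(">I", auth_data[33:37])
    return auth_data[:32], auth_data[32], sign_count

def check_sign_count(stored: int, received: int):
    """Return (verdict, new_stored) following the WebAuthn counter rule."""
    if stored == 0 and received == 0:
        # Authenticator does not implement a counter: nothing to compare.
        return "no-counter", 0
    if received > stored:
        return "ok", received
    # Counter did not advance: two devices may hold the same credential key.
    # Keep the old value and let the relying party's risk policy decide.
    return "possible-clone", stored

def make_auth_data(rp_id: str, sign_count: int, flags: int = 0x01) -> bytes:
    """Build constructed authenticator data (user-present flag set) for the demo."""
    rp_hash = hashlib.sha256(rp_id.encode()).digest()
    return rp_hash + bytes([flags]) + struct.pack(">I", sign_count)

def replay(rp_id: str, counters):
    """Feed a constructed sequence of assertions through the check."""
    expected_hash = hashlib.sha256(rp_id.encode()).digest()
    stored, verdicts = 0, []
    for count in counters:
        rp_hash, _flags, received = parse_auth_data(make_auth_data(rp_id, count))
        if rp_hash != expected_hash:
            raise ValueError("assertion was issued for a different RP ID")
        verdict, stored = check_sign_count(stored, received)
        verdicts.append(verdict)
    return verdicts, stored

if __name__ == "__main__":
    # Constructed sequence: the fourth assertion repeats counter value 3.
    print(replay("example.com", [1, 2, 3, 3, 5]))
```

A "possible-clone" verdict is a signal rather than proof, and an authenticator that always reports 0 gives the server no cloning signal at all.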