by light_cone
1504 days ago
First of all, _most_ services is not _all_ services, so you have a use case here. Also, you could make FIDO keys that support restoring but not backing up. If you could set up a FIDO with a custom random seed _as an expert option_, then you could have a secure key, and keeping the seed private would be your expert problem. I would adopt such a solution, whereas now I don't adopt the proposed solution because I cannot add a new service while having the backup key remain off-site. Maybe another solution would be to have _absolutely all_ services accept several keys (enforced by protocol), in addition to being able to accept adding an off-site key with only its fingerprint, but without requiring you to have it physically.