Why not use Trezor for FIDO? Was thinking about using a Trezor hardware wallet instead of a YubiKey. Not only do you have a FIDO security key, but also a crypto wallet!
Security.
You mean Yubico is more secure? If so, how?
I would say firstly there is a cost comparison. A normal YubiKey FIDO2 key comes for $25, whereas the lowest Trezor device comes for $60.
Also, there is the fact that Trezor devices actually have updatable firmware, so there is a slight risk of supply chain attacks, whereas YubiKeys generally don’t have updatable firmware.
Also, a YubiKey 5 would have much more functionality than a Trezor device, like TOTP and password manager.
Trezor and YubiKeys both had their share of vulnerabilities.
Honestly, if you are already buying a Trezor for crypto then you could use it as a FIDO2 device too; it wouldn’t harm much.
But if you are not into crypto, YubiKeys should be fine.
How would a security key be more secure than fingerprint unlocking on macOS and Android? Thanks!
Your fingerprint can be cloned. Also, biometric authentication would rely heavily on the OS to execute it in a safe environment. Not all implementations would be safe. For example, I'm not sure how secure Face ID is if someone creates a 3D model of your face.
Though the question also comes to your convenience vs security.
If your threat model isn’t that high, a biometric would suffice for most use cases and be relatively secure.
Usage of a security key could be reserved for some important logins like password manager, email, etc.
Regarding cloning fingerprints, would an ultrasonic fingerprint reader (e.g. Pixel 9 and later presumably) remove most of the threat for anyone who doesn’t have the most serious of threat models?
An ultrasonic fingerprint sensor captures depth information in contrast to an optical fingerprint sensor and is therefore more accurate, more secure, and harder to fool via cloned fingerprints. Just keep in mind that it’s definitely not impossible to fool ultrasonic sensors and they won’t protect against certain threats like coercion.
Thanks for the reply! I would say that Secure keys have other problems and every method you use will have pros and cons. Thanks!