Add support for FIDO2 resident credentials on SD card #245
Comments
Passwordless login is already possible with resident credentials stored in NV RAM, which has been implemented as part of #394.
Blocked by #323
Thanks for this awesome work. May I ask, what's the current status of this ticket?
FIDO2 support is already fully implemented in Trezor T, including support for device resident credentials (i.e. passwordless logins) and the hmac-secret extension, which are the requirements for Microsoft compatibility. This ticket is only about the storage of the resident credentials on the SD card. Since we already allow storing up to 100 resident credentials in the Trezor T internal storage and we also support backing-up these resident credentials using AFAIK, there are no immediate plans for supporting FIDO2 on Trezor One. Correct me if I am wrong, @prusnak.
Supporting authenticator resident credentials makes it possible to select the credential private key given only an RP ID. This will allow Trezor to be used for first factor authentication (password-less) and it is also required for Microsoft compatibility (https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key).
In order to support this feature we will need to be able to store the Credential IDs on the SD card #162.
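
The difference between resident and non-resident credentials described in this issue, as an added example that is not part of the issue and is not Trezor firmware code: a toy authenticator that can answer a request carrying only an RP ID when the credential is resident, and otherwise needs the credential ID from the relying party. The class, method names, credential ID layout and the use of HMAC in place of a real signature are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_RESIDENT = 100  # internal-storage limit quoted in the thread


class ToyAuthenticator:
    """Simplified model (assumption); HMAC stands in for the real signature."""

    def __init__(self):
        self._master = os.urandom(32)  # device secret
        self._resident = {}            # rp_id_hash -> [(cred_id, user)]

    def _mac(self, label, rp_hash, data):
        return hmac.new(self._master, label + rp_hash + data, hashlib.sha256).digest()

    def _owns(self, rp_hash, cred_id):
        # A credential ID is nonce || MAC, so it is bound to this device and RP.
        return hmac.compare_digest(cred_id[16:], self._mac(b"id", rp_hash, cred_id[:16])[:16])

    def make_credential(self, rp_id, user, resident):
        rp_hash = hashlib.sha256(rp_id.encode()).digest()
        nonce = os.urandom(16)
        cred_id = nonce + self._mac(b"id", rp_hash, nonce)[:16]
        if resident:
            if sum(len(v) for v in self._resident.values()) >= MAX_RESIDENT:
                raise RuntimeError("resident credential storage full")
            self._resident.setdefault(rp_hash, []).append((cred_id, user))
        return cred_id

    def get_assertion(self, rp_id, challenge, allow_list=None):
        rp_hash = hashlib.sha256(rp_id.encode()).digest()
        if allow_list:
            # Second factor: the RP identified the user first and sends the IDs.
            found = [(c, None) for c in allow_list if self._owns(rp_hash, c)]
        else:
            # Passwordless: only the RP ID is known, so the credential has to
            # come from the authenticator's own storage.
            found = self._resident.get(rp_hash, [])
        if not found:
            return None
        cred_id, user = found[0]
        key = self._mac(b"key", rp_hash, cred_id)  # per-credential key, re-derived
        sig = hmac.new(key, challenge, hashlib.sha256).digest()
        return {"credential_id": cred_id, "user": user, "signature": sig}
```
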