Is it wise to use my Trezor T as a FIDO2, 2FA, UFA, MFA, device instead of a dedicated Yubikey? If so, what are the limitations and benefits of such a decision.
So far my assumptions are as follows. A Trezor T can be restored using the seed which ensures I can regain access to accounts without having to maintain multiple backup keys. Just as with Crypto, if I have too many security keys lying around, then I run the risk of losing control of my accounts. Having one device and one seed ensures I should always be able to gain control of my accounts should the hardware break or is lost.
That said, I am trying to confirm that all sites do in fact allow you to use a restored seed on a different Trezor T device. So far, it does seem to work except for Microsoft. Sadly, that is my most important account by far.
Microsoft only supports Trezor T so don’t even bother buying a Trezor One at this point. My most recent attempt to register failed
This is easily my 8th attempt. I also tried the obvious stuff, restarts, cables, browsers, disabling PIN on trezor, using same PIN as my Yubikeys, etc. Nothing is allowing my Trezor T to register with Microsoft. It is worth mentioning, that I was able to register my other Trezor T in the past without issue. So, I know it can work.
I have an open support ticket with Microsoft. I suspect they are holding on to some previous Trezor device data that might be causing a data conflict in their systems. If we can get Microsoft to take this stuff seriously then perhaps, we can finally have a password free world.
SOLVED: My MS account had a previous Trezor registration using a different seed. Deleting that registration allowed me to registration a my new seeded Trezor.
Further testing proves that MS will only allow one Trezor T per MS account. I had a second Trezor T with a different seed loaded. Attempting to register that devices produced the same error as before. This may be a bug, but for now MS is only allowing you to register a single Trezor model T device for FIDO2.