Hi,
I am looking to buy a Trezor-T and use it as a FIDO2 security key, because from my understanding, I can restore the FIDO2 credentials onto another device if I lose my current one. (And I do understand the passwordless credentials must also be backed up separately.)
I have two questions:
-
If I have an additional passphrase / hidden wallet phrase, are the FIDO2 credentials also generated using that, and not just the seed? I assume so, but wanted to double check.
-
How does the Trezor recovery process handle the FIDO2 counter (meant to deal with duplicate keys)? Does it do something like set the counter based on the current time upon recovery? If so, is there a theoretical date after which recovery wouldn’t work because the counter would be larger than the maximum counter number used by FIDO2? (I’m not sure what it is but I know there is one)