Ultimate target is above average security(better than on a pin-protected phone with a TPM chip that protected by fingerprint) while staying convinient to use
As I understand it, Ideally you’d go with quill and airgapped PC but this seems needlessly complicated and unconvinient, and all wiki docs I was able to find are terribly out of date
Let’s assume user does the following:
creates a new Internet Identity and selects trezor as the only device allowed to sign-in
doesn’t backup secret phrase offered on NNS
creates a backup of trezor’s secret phrase instead and stores it securely
remembers his 7 digit nns id
protects his trezor with a strong PIN
How secure such scheme would be?
Can U2F be ALWAYS restored from a trezor seed phrase on another trezor device?
What if Trezor stops manufactoring or all trezor wallets vanish from existence completely, can I still sign-in by other means if I have my trezor secret phrase?
I dislike using ledger due to recent events(even a hint of private keys leaking makes me sick)
quill and airgapped PC sound good but are inconvenient to use
What are other secure alternatives I might be missing?
There is no universally correct answer to your question. In particular, I don’t know how the U2F implementation on Trezor works, but from my experience with the U2F implementation on Ledger, I would strongly assume that setting up a second Trezor device with the same seed phrase should lead to the same keys used by the U2F app, and thus your proposed scheme makes sense. (You could test that by resetting your Trezor and setting it up from the seed phrase again.) I am using a Ledger U2F device as a backup method for my II, for exactly the same reasons. I don’t use it for day-to-day operations because it’s still somewhat inconvenient.
To respond to your questions more concretely:
While I would expect this to be true, since otherwise the U2F implementation on the Trezor would be entirely pointless, it’s something that you should be able to just try.
The following is worth a try (but I don’t know the answer): Is the Trezor U2F app compatible with the Ledger one?
I verified that U2F secret on Trezor is deterministically derived from the seed phrase. Resetted my trezor to factory defaults and restored from the seed phrase, was able to sign in via U2F to nns app with no issues.
I would be grateful if someone who owns some other U2F capable device could check if it’s possible to enter the same seed phrase on BOTH devices(say trezor and ledger) and still be able to sign in to the nns app via U2F on BOTH devices.
For the NNS app itself it could be cool if we could:
to disable the warning of seed phrase backup. Burry it somewhere in settings and make a BIG RED warning where user should confirm
Ideally when I sign-in to the nns app via U2F and have the backup of the U2F device itself I would never-ever want to reveal the seed phrase on the nns app itself(oh no, seed phrase directly in mem of PC). It’s just an additional security threat to think about.
Just a quick note: The recovery phrase you see in II (that’s not in the NNS dapp) is completely independent from the one on your Ledger or Trezor. The phrase is generated and maintained in the browser; it’s an additional one.
Yea, I understood that. This is why I’m saying that in my case it’s an extra security threat I need to think how to take care about.
If someone manages to acquire this “different” seed phrase(I never want it to exist in the clear text in the first place, especially in memory of my PC jeez) - I’m screwed no matter if everything else I’ve done is still secure…
I just checked once again on an empty II
it’s not exactly what I want, in order to delete it I have first to REVEAL the seed phrase… and I want it to never exist in the clear text on my device in the first place
If I never set it in the first place, there’s nothing to delete and this dumb window asking me if I want to set it shows every time I log into nns.ic0.app
