> Now, the primary difference here is that resident/discoverable keys consume space on the security key to store them since they need to persist - there is no credential id to rely on to decrypt with our master key!

The article is glossing over the biggest drawback of non-resident keys: If you lose your security key, you lose your master key, and you can no longer decrypt the credentials sent by the relying parties. To mitigate this, you need to register at least two security keys, and store them in different locations. But wait, how can you register both keys in a new service while keeping them in different locations?... I don't have much experience with those keys: am I missing or misunderstanding something here?
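
The dependency discussed above, that a non-resident credential can only be rebuilt by the device holding the master key, shown as an added example (not part of the comment or the article). It is a constructed model: it derives the key with HMAC from the master key and a nonce carried in the credential ID, as a standard-library stand-in for decrypting a wrapped key, and the class and method names are hypothetical.

```python
import hashlib
import hmac
import os


class Authenticator:
    """Toy non-resident-key authenticator (constructed model, not a real device)."""

    def __init__(self):
        # The master key never leaves the device; losing the device loses it.
        self.master_key = os.urandom(32)

    def _prf(self, label, rp_id, nonce):
        msg = label + b"\x00" + rp_id.encode() + b"\x00" + nonce
        return hmac.new(self.master_key, msg, hashlib.sha256).digest()

    def register(self, rp_id):
        """Return (credential_id, key_seed); nothing is stored on the device."""
        nonce = os.urandom(16)
        seed = self._prf(b"key", rp_id, nonce)   # would seed the signing key pair
        tag = self._prf(b"tag", rp_id, nonce)[:16]
        return nonce + tag, seed                 # relying party stores the ID

    def recover(self, rp_id, credential_id):
        """Rebuild the seed from a credential ID the relying party sends back.
        Returns None if this master key did not mint the ID for this rp_id."""
        if len(credential_id) != 32:
            return None
        nonce, tag = credential_id[:16], credential_id[16:]
        expected = self._prf(b"tag", rp_id, nonce)[:16]
        if not hmac.compare_digest(tag, expected):
            return None
        return self._prf(b"key", rp_id, nonce)


def demo():
    primary, backup = Authenticator(), Authenticator()
    cred_id, seed = primary.register("example.com")  # constructed rp_id
    return {
        "same_device": primary.recover("example.com", cred_id) == seed,
        "other_device": backup.recover("example.com", cred_id),
        "wrong_rp": primary.recover("other.example", cred_id),
    }


if __name__ == "__main__":
    print(demo())
```
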