Let me try to rephrase. If you have a (too easy) way to back up, i.e. extract, the master key, then an attacker can use the same mechanism to back up your master key without you even knowing that the backup happened.
You can, for example, set up a PIN or passphrase; however, the FIDO2 protocol doesn't (necessarily) work like that. You buy a key, and you just start using it. There are multiple options to implement a backup protocol, but no standard one to the best of my knowledge. My original point was just that in designing such a protocol, it's important to consider this "unknown backup attack".