People should drop passwords altogether

[Marco]

There is no third party backup of the master key, and no third party involvement in the login.  Since each user has a written copy of his master key, recovery from lost or dead phones, or transfer to new devices, is straightforward.  Access to the master key on the device is available only after the user logs into his SQRL app - in whatever manner provides the most security the user can tolerate, which may be very little, at the user's option.

I wonder if it would be possible to fake a FIDO2 device, but generate the keys with SQRL. Obviously wouldn't work when attestation is required, but I don't think most websites require that.

[Someone]

There is no third party backup of the master key, and no third party involvement in the login.  Since each user has a written copy of his master key, recovery from lost or dead phones, or transfer to new devices, is straightforward.  Access to the master key on the device is available only after the user logs into his SQRL app - in whatever manner provides the most security the user can tolerate, which may be very little, at the user's option.

I wonder if it would be possible to fake a FIDO2 device, but generate the keys with SQRL. Obviously wouldn't work when attestation is required, but I don't think most websites require that.

That's part of the problem, FIDO has information from the device/client/authenticator to verify that it has a valid (model specific) certificate, a certificate that can be revoked if the FIDO organisation doesn't feel that it is meeting their requirements. If they say you can't have the user transferring certain types of keys, then anything letting the user transfer those keys could be revoked.

This discussion ends up rather convoluted and difficult as there are different type/functional "keys" within the proposed systems. So while there are cute projects to help users take control of keys:
https://dicekeys.com/
other keys are not for users to see/backup/transfer.

[Peabody]

My understanding is that FIDO2 generates a random private key for each site.  But if it's the client that generates the keys, then in theory you could just as easily use the key generated by SQRL.  The server would have no way of knowing the difference.  In fact, I believe FIDO2 uses, or optionally can use, the same elliptic curve that SQRL uses.  But as Someone says, FIDO2 may have ways to prevent that.