
[Question] Is there a way to use FIDO2 AND have a passwd as fallback?

Open · aanno opened this issue 1 year ago · 1 comment


I'm aware that you could use the master key if you lose your token, like this:

$ gocryptfs cipher plain -masterkey <key-here>
Using explicit master key.
THE MASTER KEY IS VISIBLE VIA "ps ax" AND MAY BE STORED IN YOUR SHELL HISTORY!
ONLY USE THIS MODE FOR EMERGENCIES

But:

  1. Is there a way to have an additional passwd?
  2. Is there a way to support 2 FIDO2 on the same crypted dir at the same time?

aanno avatar May 20 '23 16:05 aanno
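The warning printed above is the practical problem with the master-key fallback: the key lands in `ps` output and in the shell history. The script below is an added example (mine, not part of gocryptfs or of this issue thread) of an emergency mount that keeps the printed master key in a mode-0600 file and feeds it to gocryptfs over stdin instead of argv. It assumes a gocryptfs build that accepts `-masterkey=stdin` (check `gocryptfs -help` on your version first), and it assumes the key line has the shape gocryptfs prints at `-init` time: eight groups of eight lowercase hex digits separated by dashes. The helper names (`is_masterkey_format`, `read_keyfile`, `emergency_mount`) are my own.

```shell
#!/bin/sh
# Added example: emergency gocryptfs mount from a master-key file.
# Not part of the gocryptfs project; helper names are my own.
#
# ASSUMPTIONS:
#   * the installed gocryptfs understands "-masterkey=stdin"
#   * the key file holds one line in the format printed by "gocryptfs -init":
#     8 groups of 8 lowercase hex digits joined by dashes (32 bytes of key)

# Return 0 if $1 looks like a gocryptfs master key, 1 otherwise.
is_masterkey_format() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{8}-){7}[0-9a-f]{8}$'
}

# Print the key stored in file $1 after refusing anything that is
# group/world readable or that does not look like a master key.
read_keyfile() {
    f=$1
    [ -f "$f" ] || { echo "no such key file: $f" >&2; return 1; }
    # columns 5-10 of "ls -ld" are the group and other permission bits;
    # this works the same on GNU and BSD userlands
    perm=$(ls -ld "$f" | cut -c5-10)
    if [ "$perm" != "------" ]; then
        echo "refusing: $f is readable by group/others (bits '$perm'); run chmod 600 on it" >&2
        return 1
    fi
    key=$(head -n 1 "$f" | tr -d '[:space:]')
    if ! is_masterkey_format "$key"; then
        echo "refusing: $f does not contain a gocryptfs master key" >&2
        return 1
    fi
    printf '%s\n' "$key"
}

# emergency_mount KEYFILE CIPHERDIR MOUNTPOINT
# The key travels over a pipe, so it appears neither in "ps ax" nor in
# the shell history. Still treat the mount as an emergency: rotate to a
# fresh vault afterwards rather than living on the master key.
emergency_mount() {
    keyfile=$1; cipherdir=$2; mountpoint=$3
    mkey=$(read_keyfile "$keyfile") || return 1
    printf '%s\n' "$mkey" | gocryptfs -masterkey=stdin "$cipherdir" "$mountpoint"
}

# Usage (only runs when invoked directly with three arguments):
#   sh emergency-mount.sh ~/.gocryptfs-masterkey ~/vault.crypt ~/vault
if [ "$#" -eq 3 ]; then
    emergency_mount "$1" "$2" "$3"
fi
```

The key file itself is the crown jewel here: keep it offline (printed, or on removable media you control) rather than on the same machine as the vault, since anyone who reads it can decrypt the ciphertext directory without the token.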

I am also interested in this. Hardware key developers insist on registering at least 2 keys in case of loss or failure of one. Yes, it is possible to access using the master key, but there is no way to change the hardware key to another one or change the key to a passphrase. Currently, if you lose your hardware key, you must create a new vault with a new hardware key and migrate data from the old vault to the new one. This is not a problem if the amount of data is small, otherwise it is not convenient. When trying to change the password of a FIDO2-encrypted storage, we get an error:

gocryptfs -passwd -fido2 /dev/XXX /test/.crypt/

FIDO2 Secret: interact with your device ...
Decrypting master key
Password change is not supported on FIDO2-enabled filesystems.

SamBayerZXZ avatar Jun 01 '23 09:06 SamBayerZXZ