@Tim I need to dive a bit deeper into what FIDO is. From a quick read of their website, it looks like it’s a means of standardizing authentication for a centralized, online service. While we’d be taking the same public-key cryptographic challenge approach for proving ownership, that’s decentralized and peer-to-peer.
However, maybe certificates (and their public/private key pairs) could be used with a FIDO-enabled online service? That could be a really interesting application.
@Chris_J for “what’s a good challenge text”, I was talking more about the underlying implementation than the experience. The user may just hit a button, but the app still needs to generate something for that cryptographic challenge. I don’t know if choosing a poor challenge text might make the public/private key signing more susceptible to attack.
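
One way an app could generate and check the challenge discussed above, as an added example that is not part of the original post or of any project's code: the verifier issues a fresh random nonce, the key holder signs it under a fixed context tag, and the verifier accepts each nonce once and only before it expires. It assumes Ed25519 keys and Node.js's built-in `crypto` module; the context tag, the lifetime and all function names are hypothetical.

```javascript
// Added example: challenge-response proof of key ownership between two peers.
// CONTEXT, TTL_MS and the function names are hypothetical, chosen for illustration.
const crypto = require('node:crypto');

// Domain-separation tag: a signature made for this purpose cannot be
// reused as a signature over some other kind of message.
const CONTEXT = Buffer.from('example-app/ownership-proof/v1\0');
const TTL_MS = 60_000;            // assumed challenge lifetime
const outstanding = new Map();    // nonce (hex) -> expiry time in ms

// Verifier: the challenge is 32 random bytes, unpredictable and never reused.
function makeChallenge(now = Date.now()) {
  const nonce = crypto.randomBytes(32);
  outstanding.set(nonce.toString('hex'), now + TTL_MS);
  return nonce;
}

// Key holder: sign CONTEXT || nonce, never the peer-supplied bytes on their own.
function respond(privateKey, nonce) {
  return crypto.sign(null, Buffer.concat([CONTEXT, nonce]), privateKey);
}

// Verifier: reject unknown, expired or already-used nonces, then check the signature.
function verifyResponse(publicKey, nonce, signature, now = Date.now()) {
  const id = nonce.toString('hex');
  const expiry = outstanding.get(id);
  outstanding.delete(id);         // single use, whether or not the check passes
  if (expiry === undefined || now > expiry) return false;
  return crypto.verify(null, Buffer.concat([CONTEXT, nonce]), publicKey, signature);
}

// Constructed run: one honest response, then the same response replayed.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const nonce = makeChallenge();
  const signature = respond(privateKey, nonce);
  return {
    first: verifyResponse(publicKey, nonce, signature),
    replay: verifyResponse(publicKey, nonce, signature),
  };
}
```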