Don’t base your security on a fixed secret, in other words don’t use Public Key Cryptography (PKI) – someone will know the private key and you can be compromised and not know about it.
Exhibit 1: Dell’s recent debacle:
Exhibit 2: U2F /Fido Authentication is based on the attestation key being secret- if not than clones proliferate and security is reduced to password security!
https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-overview-ps-20141009.html
CASQUE SNR does not use PKI