It's worth noting that if you install Yubico Authenticator on another device and use the same key, you do have access to the codes, because as you said, they're stored on the key.
I initially thought the codes were stored on my phone and the key was only required for access, but that's not the case.
That's either a benefit or a drawback, depending on your threat model, but it's definitely something people should understand.
I initially thought the codes were stored on my phone and the key was only required for access, but that's not the case.
That's either a benefit or a drawback, depending on your threat model, but it's definitely something people should understand.