Yubikey are $50 so if you are already investing real money in your online security it’s not a stretch to expect that people will spend extra time and money to keep a physical backup
I don’t bother with a safe. I have one key that never leaves my home desk and another I have on my keychain. It’s trivial to register the second key when I am home.
Yes it is less convenient than a digital passkey but there is absolutely no way for a remote attacker to compromise it
Well, this sounds convenient. Keep the second one in a safe, but register a key to it for every website you use.
Is this a practice we actually believe users will carry out?