Its kind of fake security
I’ve been able to register with 11 websites. 0 national banks support it; but here’s the kicker…
All of the websites still allow the original username/password logins. The yubikey is just a different way to login. Bad actors can still force password resets that trigger back to email verifications where they can get into all of your accounts if they have access to your email.
Take Gmail for example; you are forced to have a verified phone number and a login 2fa can fallback to sms verification. It’s not secure at all, the titan or the yubikey is just the first option you’re using but anybody can select the other options for verifying and bypass the security key altogether. What’s the point of even having it.
Set a complex password in keepass and you’ve effectively given yourself the same level of security as a yubikey.
They’re great but every website has really poor implementation. The way they’re utilized is just a fad and offers no better protection than without one.
Change my mind 🤙💙