zlacker

9 comments
1. nehal3+(OP) 2025-07-25 23:48:13
True, but it does force citizens into a contract with either Apple or Google. I don’t think that is a good idea both from the perspective of individual freedom and national sovereignty.
replies(1): >>Beijin+g
2. Beijin+g 2025-07-25 23:50:20
>>nehal3+(OP)
Nothing beats a hardware token.

I would also use Yubikey for banking, but I am scared as f. what happens if I lose it while traveling abroad.

replies(4): >>esseph+U >>catlif+g1 >>EasyMa+Pk >>Wilder+3u
3. esseph+U 2025-07-25 23:57:58
>>Beijin+g
Carry two, leave another in a safe somewhere in your home country?

Otherwise, yeah... Passkey it is

replies(1): >>devman+Hk
4. catlif+g1 2025-07-26 00:00:53
>>Beijin+g
I think it should be standard to allow registering multiple tokens, which would be equivalent to a backup for your purposes.
replies(1): >>Beijin+j3
5. Beijin+j3 2025-07-26 00:16:49
>>catlif+g1
You can copy this if you buy two. You would have to store one somewhere, where it can be fedexed to you.
replies(1): >>mystif+Kt
6. devman+Hk 2025-07-26 03:46:34
>>esseph+U
The principal issue with hardware keys as implemented today via FIDO2 or U2F is that you can't enroll them without having them in your physical possession, which means if you have a backup key stored offsite, you have to fetch it anytime you sign up for a new service.
replies(1): >>Wilder+lu
7. EasyMa+Pk 2025-07-26 03:50:38
>>Beijin+g
I don't want a hardware token generator since it is guaranteed that I will lose it.
8. mystif+Kt 2025-07-26 05:56:17
>>Beijin+j3
No need to fedex, just have a trusted person read you the code back over the phone.
9. Wilder+3u 2025-07-26 05:58:25
>>Beijin+g
I wish that was an option, in most cases the phone becomes the hardware token, and that can be lost too. Or broken, or out of power or without internet connection.

I even have a personal anecdote. My wife "lost" her phone in Iceland. I made her log in to find-my-phone with her Google account, and 2FA was needed. Thankfully she had her Yubikey in her keychain (plus, we enrolled each other's key), so she was able to log in. Push notification or TOTP/SMS were all not an option.

10. Wilder+lu 2025-07-26 06:01:30
>>devman+Hk
A good strategy for this is to enroll it at day 0 for the most sensitive systems (e.g., password manager, email accounts). This way you are able to use it as a backup in the sense of giving the option to reset or access (e.g., via backup codes) all the services, without being necessarily enrolled in all of them.