[jasoncartwright]

I've used a YubiKey for 2FA for a year or so now. It just sits in my USB port and it feels too convenient - steal my laptop and you get my key. At least my phone has a PIN.

[sandstrom]

I think the (relatively) small overlap between knowing your password and stealing your computer is important here.

Passwords are weak vs. many types of hacks, U2F is strong. And vice-versa (easy to steal the Yubi-key + computer, but they still need the password).

[fak3r]

Mine is on my keychain, plus you need my username, password and yubikey to authenticate, so if someone steals my laptop (oh noes!) they still have hurdles to jump.

[aiiane]

U2F is protection against someone phishing/stealing your credentials online. Your password is your protection against someone stealing your laptop. The likelihood that a person who steals your laptop also managed to phish/steal your credentials is minute.

[tetraodonpuffer]

I use it for my email, and have set it up with yubikey + password, given that you need both it's not like you can brute-force the login anyways