[Elizzy]

Eh. Hence why I said it like I did. In most cases, the device generates the secrets. And that's how it should be done, it guarantees that they can't be compromised easily (vs if someone compromised wherever you backed up those keys to).

[sasas]

Sure. There are also other instances where the Yubis keys maybe exposed, such as when using their OTP protocol which requires the keys stored in a validation server (either theirs by default, or your own [1])

[1] https://www.yubico.com/products/services-software/open-sourc...