[tptacek]

If there can at some point in time be two or more tokens with the same secrets in them, you're essentially parked in the same security place as soft tokens. Just use the soft tokens.

I'm not saying soft tokens are bad. They're not; they're great. When we get a workable U2F software token, that might be the best option for most people.

What I'm saying is don't spend money on a hardware solution that isn't buying you any meaningful additional security.