[Tinned_Tuna]

I know it's really asking a huge amount, but my 2FA wish-list for 2017 is:

  1. U2F in all browsers.
  2. U2F on all the services I consider important (Google, GitHub, Facebook, etc.)
  3. U2F setup on the above services without a phone number -- just force acceptance of the backup codes.
  4. U2F integration in SSH.

I'm currently using TOTP through Google Authenticator. Not great, but definitely a step up.

I think with the above in place I'd move to LastPass (from KeePassX), as the security of my passwords becomes much less important. Still not a huge fan of putting my vault in the cloud though.

Oh, and a fire-proof "safe" for my backup codes.