[e12e]

> A lot of this discussion glosses over the fact that U2F really makes this a viable system. U2F solves the MITM problem and ensures that the anyone who logs in (…)

Makes viable: certainly; solves: not so sure. Session hi-jack doesn't magically cease to be a problem.

[nine_k]

It becomes much less of an issue if the connection is re-negotiated periodically, and a new key may require a physical action (touch) from the key generator.