[matharmin]

Similar use case (2FA), but different implementation.

Instead of typing in a code, you press a button. It also protects against phishing by validating the URL of the site you're authenticating on (with a code-based 2FA you can still enter your code on a phishing site, which then forwards it to the real one).

[m_eiman]

There are apps that also validate the source and can automatically sign you in (or require a button press), e.g. https://www.kryptco.com

Seems like it might be useful, but haven't had the time to try it out yet.

[tialaramex]

AIUI Krypton is basically doing the same thing as these FIDO2 Security Keys, but their software substitutes an app on your Phone for the Security Key. So a web site offering WebAuthn can't tell the difference (unless you allow it to interrogate the "Security Key" to ask who made it, which you probably shouldn't)

I personally would rather have Security Keys, but a solution like Krypton is definitely easier for a lot of users and obviously the price differential is hard to argue with.

[scrrr]

Good reasons, thanks!