[xzcvczx]

probably, however i only know about the solokeys hacker as that is all i own, and even with that what you would want to do is modify the bootloader to only update with your own crypto keys that you then keep in secure offline storage.

As far as i can tell there is not documentation on how to do this but the 5min look i had at it made it look quite easy.

Do the 2fa services you are looking at using allow multiple keys to be configured per user? if so that would be a much better way to do it than cloning keys. they would still have their backup but there wouldn't be the same security issues that are apparent in the process of cloning the keys. If the computer you used to "clone" the keys had been breached prior to you cloning the keys then someone could theoretically find all your 2FA keys and your 2FA would be useless

[dbmueller]

Mmh, I don't have any specific service in mind. Concerning cloning, it's not such an important request, and if people have good reasons to think it's not worth it, I'm OK with that.

What was your experience with the solo keys, then? I gather they haven't implemented SSH and GPG key "management" yet: is that right? So for now it's just U2F it seems.

[xzcvczx]

i mainly went with the solo for the usb-c (and opensource), correct they don't have ssh or gpg yet but apparently its close.

haven't had any problems with it but it does feel a bit flimsy (again haven't had any issues just based on the feel of it)