[wongarsu]

In the scenario "I forgot my phone and now it's gone" the Yubikey offers perfect security, because I'm unlikely to loose both my phone and my keyring with my YubiKey (that assessment might not hold for a woman with a handbag). In any targeted attack it's useless.

[tialaramex]

But if you need the FIDO key to use the phone you actually are likely to lose both at once, surely?

[OJFord]

Only as likely as you are to lose your phone at the same time as your keys today, which as GP says depends on your habits / how you carry them.

It's not perfect, (and my Yubikey doesn't support it so I don't do it) but what is?

[tialaramex]

> Only as likely as you are to lose your phone at the same time as your keys today

This makes no sense and I struggle to even comprehend how somebody could come to this conclusion.

Before: I take my phone out, I unlock it, I look at something on the phone, then I get distracted, I leave it on a bar, a desk, somebody's refrigerator, wherever.

Now: I take my phone out. I need the FIDO key to unlock it, so I get that out too, I unlock the phone, I look at something on the phone, and then I get distracted and this time leave both the FIDO key and the phone in the same exact place, because of course I do I was using them both when I was distracted.

Can at least one of the people who seems so sure that somehow this wouldn't alter how often they lose the two items they now need together explain their thinking? Do you just... lose things randomly like maybe you have a gaping hole in your pocket and things fall out but you've never bothered to repair it? How are you losing things so that it somehow doesn't matter whether they're used together?

[OJFord]

> Now: I take my phone out. I need the FIDO key to unlock it, so I get that out too, I unlock the phone, I look at something on the phone, and then I get distracted and this time leave both the FIDO key and the phone in the same exact place, because of course I do I was using them both when I was distracted.

If I had an NFC one what I imagine doing is just pulling my phone out of one pocket and tapping it against the other, where my keys are.

I suppose if I was going to plug it in I could do that today (albeit with a USB-C adapter) but I don't because, the security point you mention aside, it's a usability nightmare (even if I didn't need an adapter).