Hacker News
by solatic 2133 days ago
> If you’re the kind of person liable to get personally targeted for nation state level attacks, then you definitely are going to want to unplug your yubikey and keep it on your person.

Maybe yes, maybe no. Do you have a backup YubiKey? If so, then you need to keep it in a separate location (i.e. don't defend against losing your keys by putting both your primary and your backup on the same physical keychain). Are you putting it in a safe? What safe can you buy that is sufficient protection against nation-state level attacks? How often do you check your safe to make sure that your backup hasn't been stolen? What process do you have in place to revoke and replace your backup YubiKey in case you do discover that the backup has been stolen (do you have a list of every website at which you ever enrolled the backup, and how do you safeguard the list)?

IMO unless you are very seriously paranoid, you buy a "nano" in-slot YubiKey if your usage pattern targets a single machine, and a keychain YubiKey (with NFC) if you need portability between, say, your work laptop, your home desktop, and your phone. It's not a question of security but of your usage pattern.