[dhdhhdd]

Otoh if your browser/os is not compromised, it's safer than authentication code and SMS OTP.

And hopefully recovery codes have maximum retry count?

[eeZah7Ux]

> Otoh if your browser/os is not compromised, it's safer than authentication code and SMS OTP.

...but less safe than an external token if someone steals your laptop with the FIDO2 key in the USB port.

Yet, this are really very minor improvements to the (sorry) state of web and desktop security.