[godelski]

This has been a thing preventing me from getting one. A key that's supposed to be on you (or locked in a vault) is prone to getting destroyed or damaged.

So since my threat model isn't high and this would be more a nerd thing, it doesn't seem worth it. 2FA is good enough I guess

[lucideer]

Fwiw, I have 3 of these and I have yet to encounter a service that doesn't support all three, so it hasn't been a issue.

People have mentioned AWS IAMS only supports one at a time, but that's definitely "a nerd thing".

The only "normal" user-facing service I've tried with some unnecessary restrictions is actually Twitch (also an Amazon property), so it sounds like Amazon are just specifically bad at this, rather than most companies having bad implementations.

But in general, it's been fine for the vast majority of services.

[chrisdhal]

I've had a Yubikey for about 3 years that is on my car keys keychain which goes with me everywhere. It's been all over the US and into Costa Rica all in my pocket or haphazardly thrown into my backpack (with a bunch of other random things).

There is zero evidence of any wear or anything. They are meant to be carried around, you don't need to baby them. I'm more worried about it being lost than damaged.

[ozim]

My friend was like "why would I pay for this when Android phone can act as one as well".

I am more concerned with losing my phone or that my phone will die that something happening to my ybk.