[Fnoord]

> Some web sites have started to offer support for passwordless authentication using FIDO2 hardware keys. This offers similar security properties to SQRL (in some ways arguably better), while also being very simple to use.

Right.

> A major downside is difficulty of backup. The private keys are locked inside the hardware and cannot be accessed in any way.

That's a feature, not a bug. You buy at least 2 keys (1 backup), ideally 3 (2 backup).

As for SQRL, I never took anything serious at grc.com/Steve Gibson. He was all about snake oil 20 years ago, and probably still is.