[cronos]

You can un-register any of the keys when you're logged in. So if you lose one key, log in using the others and remove it. No need for a master key.

[BoppreH]

Your idea works well for recovery.

But I'm thinking of a revocation scenario, where a key is stolen. In that case the attacker can just remove your keys first.

[sammorrowdrums]

So, the "something you have" element of security is to primarily avoid remote compromise. And even make local compromise require an additional theft step.

If the hacker gets your key, and your password it's game over.

But hacking the password will take some time hopefully, and systems usually have retry limits etc. so if you discover your lost key, you hopefully have some time to revoke the lost key.

I personally would not use it for password-less login, as it is only good as a second factor.

If your threat model includes any real likelihood of people capable of stealing your keys and cracking your passwords, then 2FA is only a small part of the opsec you need.

Things like NSA's Zero Trust Security model comes to mind https://news.ycombinator.com/item?id=26549363

If you're at that level, you probably need specialist infra.

But potential compromises don't mean you're not less secure than before, Yubikey would still make you more difficult to hack.

[jackson1442]

Yubikey still acts as a second factor, so for the average person's threat model this should be fine provided you use strong, unique passwords for your accounts (i.e. a password manager). 1Password supports U2F as a second factor to access your account, but you still need to know your secret key and master password; you cannot decrypt your vault with only a hardware token.