[Jach]

Why wasn't she about to send a fax?

I don't think wear-and-tear is why people aren't adopting them. I have a yubikey from Mt Gox (yeah, the btc one) that I've just left on my keychain all this time. My keychain is not treated gently, and it's been through the washing machine more than once... yet the hole is fine, and plugging it in now, it still functions and delivers its gibberish after a touch. I don't know what the expected lifetime should be.

I can't really speak to other people, but I personally avoid adopting 2FA because 1) most of my passwords are strong 2) it's not true 2FA, instead of yubikey it's some shitty SMS system or more uselessly a TOTP system whose key I can add to a bash script that'll use oathtool and xdotool to enter it for me with a hot key press 3) it's some shitty app that requires my online smartphone 4) I worry about the opposite case where services are so forgiving to restoring access that even if you have a brain aneurysm and forget the password and your yubikey bursts into flames they'll still let you in after a phone call -- if my account access can be socially engineered that way anyway, I don't want the additional annoyance of dealing with 2FA.