by raxxorraxor 1392 days ago
I mostly use a prefix generated from the name of the service + the YubiKey button to paste the rest. If my key were to fail I still have pwd reset options and I keep a copy of it in a password safe. That said, the dongle is a few years old and it still seems to work just fine while being subjected to mechanical strain from other keys.

I dislike any form of 2FA with my phone involved. Low battery, low privacy, phones just generally suck if they are involved in security. I would even prefer the old SMS while being staunchly aware that any code will be sent in free text.

Still better than some shitty random app from the shitty app store.

I would be careful about a hash of a public text. I certainly would at least XOR it with a secret value, even if its appearance in rainbow tables is very unlikely.