by jqpabc123 1392 days ago
For personal accounts though, I somehow feel uneasy about reliance on a small piece(s) of HW.

Most people already have a small piece of hardware called a phone that can be applied to the same effect.

Free/open source TOTP apps are readily available for both iOS and Android. This isn't rocket science, it's a simple SHA hash that either works or it doesn't.

What if you lose your phone? Remember --- this is 2FA so you need more than my phone to access my accounts. My TOTP app is password protected and I have a backup of the keys so I can easily transfer to another phone or use a desktop app to access my accounts.

What happens if you lose your hardware key? Perfect security does not exist.

I think that's my point though, I can easily lose my phone, no harm done if one has the seed-values for the TOTPs and they are protected on the phone.

It's not so much asking for 'perfect' security - I agree, that doesn't exist.

But do HW security tokens create a probability of a hard lock-out that outweighs the security/convenience they provide?

But do HW security tokens create a probability of a hard lock-out that outweighs the security/convenience they provide?

If you lose your key, you're locked out --- simple as that.

About the only reasonable way to create a backup is by buying/using/registering multiple keys. But at $40+ each, the cost adds up quickly.

It is hard to beat your phone for overall convenience. My phone is always with me and with my TOTP keys backed up to secure on-line storage, I can easily restore these to another device if/when needed and continue with only a minor hesitation. For most people, this is the most convenient/least expensive/best all around solution IMO.