You could buy a programmable open source security key instead, they recently opened their shop. https://tillitis.se/ Some of the people behind Mullvad VPN are associated with it.
> and there doesn't even seem to be a doc on what it supports.
There is, at the bottom of the get started page.
Currently, besides validating the key itself, only SSH and git signing by SSH key is supported by them.
Also directly from the main page the first noticeable thing:
> TKey’s design encourages developers to experiment with new security key applications and models in a way that makes adoption easier and less risky for end-users.
I.e. it's for now mainly for developers not end users (for now).
There is a "button" on it. (Which yes isn't mentioned anywhere, outside of some article you can navigate to by following multiple links).
Most important (and they could be more clear about it): it doesn't have (writable) persistent memory. Which has some great benefits but can also have some major inconvenience. And depending on how/for what you use smartcard support, I'm not sure it might ever support it.
Anyway the shop opened around 16 days ago so it's still very early days for TKeys (and their website, and documentation, etc.).
I'm looking forward to what it will enable.
But AFAIK it's already a great choice for certain kinds of companies for their employees.
There is a touch sensor that detects touch events. The signer application (used by the SSH agent and other things) for example detects user presence by waiting for a touch event before performing the signing operation.
Tillitis TKeys are very interesting but not yet a full replacement for Yubi in multiple aspects:
- they don't (yet) have all the features, or at least I couldn't find out how to do some of them without implementing them myself. Though due to the design of the TKey this can be added later without needing a new key or anything like that, you could even implement it yourself
- their design approach is a bit different from a Yubikey or similar, mainly it doesn't have any persistent (writable) memory. This has some drawbacks and some benefits. Benefits include that you can add applications later on, have endlessly many of them, and upgrade applications. E.g. a company that hands this key out to 1000 employees and needs to switch to post quantum cryptography doesn't need to buy 1000 new keys, they just deploy an update and the users have to re-enroll their existing keys. Drawbacks include that you can't store anything on the key (TOTP, moving an OpenPGP key onto a Yubi key etc.) so for some appliances you need to have some metadata on the device you want to use the key with (could be encrypted using the TKey, might just be a seed or similar to derive the right data using the TKey, etc.). Not a problem for typical enterprise use-cases, but a problem/inconvenience for your typical "private" user (which can be negated with support software).
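A simplified model of the stateless design described in the comment above, added here as an illustration; it is not code from the thread or from Tillitis. The derivation scheme, function names and sample bytes are assumptions: secrets are recomputed from a device secret plus a hash of the loaded application, so updating the application changes the identity (hence re-enrollment), and per-service data is re-derived from a salt kept on the host.

```python
import hashlib
import hmac


def derive_app_secret(device_secret: bytes, app_binary: bytes,
                      user_secret: bytes = b"") -> bytes:
    """Recompute the app's secret at load time; nothing is written to the key.
    Assumed scheme: keyed BLAKE2s over the app digest and an optional user secret."""
    app_digest = hashlib.blake2s(app_binary).digest()
    return hashlib.blake2s(app_digest + user_secret, key=device_secret).digest()


def identity(app_secret: bytes) -> str:
    """Stand-in for the public key a service would enroll (hypothetical helper)."""
    return hmac.new(app_secret, b"identity", hashlib.sha256).hexdigest()[:16]


def service_key(app_secret: bytes, host_salt: bytes) -> bytes:
    """Per-service secret re-derived from a salt stored on the host, not on the key."""
    return hmac.new(app_secret, b"service:" + host_salt, hashlib.sha256).digest()


def demo() -> dict:
    device_secret = bytes(range(32))             # constructed sample value
    signer_v1 = b"signer app v1 (constructed)"   # stands in for the app binary
    signer_v2 = b"signer app v2 (constructed)"   # an updated build
    host_salt = b"totp:example.org"              # metadata the host must keep

    s1 = derive_app_secret(device_secret, signer_v1)
    s1_replug = derive_app_secret(device_secret, signer_v1)  # after unplug/replug
    s2 = derive_app_secret(device_secret, signer_v2)

    return {
        "stable_across_replug": identity(s1) == identity(s1_replug),
        "update_forces_reenroll": identity(s1) != identity(s2),
        "service_key_recoverable":
            service_key(s1, host_salt) == service_key(s1_replug, host_salt),
        "service_key_changes_with_app":
            service_key(s1, host_salt) != service_key(s2, host_salt),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Losing the host-side salt in this model means losing the derived service key, which is the inconvenience for private users that the comment mentions.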
Like, programmable key is cool as an idea but I need smartcard support and a button on it to confirm transaction to replace YK usage...