by TestingTest5 982 days ago
Right now the most basic USB-C Yubico Key-Dongle goes for around $80 (considering taxes and shipping in Europe). As Yubico state themselves, you really need 2 dongles just in case.

Most people are not paying $160 for this, period, when 2FA and passkeys are a "good enough" thing.

3 comments

Passkeys are more than good enough. Software keys are indistinguishable from hardware keys in the context of credential phishing. Both kinds of keys have the same weaknesses, too, e.g. OAuth phishing (keys do nothing) and DNS hijacking (keys degrade to the same security value as OTP).

Other threat models (malware, physical access) are a different story, of course.

A Pi Pico is around $3; you could see if there are any solutions out there that can turn it into a security key (though at that point, perhaps just wait for KeePassXC FIDO/U2F support).
I'll look into that, thanks!
Especially when they have a phone that is secured well enough. As long as the EU can keep itself from meddling away the security in their special well-intended way, of course.