by blitzar 978 days ago
I use passkeys everywhere I find them. I do not take control or ownership of backing up - instead I have alternative 2FA or hardware key authentication with all those accounts.

For every account I have a hardware key for, there are 3 hardware keys associated with that account - 2 on-site, 1 off-site.

2 comments

How do you register your off-site hardware key? Did you have to go retrieve it each time you wanted to make an account?

I suppose every time one makes an account one can register the two on-site keys, and then rotate one of your on-site keys to off-site and take the off-site key home with you, and then finally register it.

Maybe I should get a third key...

I think you answered your own question! Three keys is optimum for ease of rotating (or so you can carry one on person) - but if your house burns down with your phone in it, you will lose anything set up since your last off-site rotation.

Sounds paranoid / crazy - but I have 0 anxiety about being locked out of an account that matters.

Which hardware keys are you using? And have you found any difficulty in adding multiple keys to a web site?

YubiKey keys - zero difficulty adding multiple - if a site doesn't allow multiple I wouldn't lock my account down to a single point of failure. All the big players seem to offer it, and I cannot recall any that didn't. Google in the "advanced protection" days forced you to have more than 2 keys for this reason.

By count of sites, most sites don't appear to take security that seriously, so anything more than a password is off the cards, but the big ones - the ones that actually matter: email, cloud, etc. - should all be able to be secured.