by ok_dad 922 days ago
I use an old Google Titan key, not the Bluetooth model but the regular one, as my backup (it was my primary) and a YubiKey 5 for my primary. I like the peace of mind they give me that no one can steal my password and log in to my important accounts, but I found that certain providers only allow a single 2FA method to be used, with no backup, so I don't feel good using them there (AWS, what the F?). I also find that not a lot of services support 2FA in the form of keys; they generally all want to use TOTP or SMS, so I can really only use these for my Fastmail and Bitwarden and a few other accounts. My bank and my health insurance do not support FIDO keys. I also can't use them on any government sites! I know passkeys are going to rule the world soon, but I don't like the idea that my phone and a 3rd party have access to this 2nd factor; I prefer a separate key for this purpose.
2 comments

AWS IAM supports multiple keys now! I think this was a blocker for using hardware keys on AWS for a bunch of organizations.

https://aws.amazon.com/about-aws/whats-new/2022/11/aws-ident...

Cool! Thanks for letting me know!
You don't mention which country and thus which government. Some US government sites do accept WebAuthn, and for at least some UK sites it's possible via a third party.

Banks though, yeah, they aren't good at this stuff. My safe† bank decided one day to completely up-end how logins work and almost locked me out. My good bank provides a very stupid, proprietary solution, but at least it's an actual secure solution.

† Safe in that they're owned by the government, so if they go bankrupt I have worse problems, because now I live in a failed state. Big piles of money sit in this bank because it's safe, but it's run by clowns who don't understand customer service.