[Arainach]

That doesn't help if my machine (with only a few USB ports) gets stolen/lost with the token in it. It doesn't help if some of my devices only have USB-C and some only have USB-A. It's absolutely more annoying than letting my password manager fill things in or typing in a 6 digit code from my authenticator app.

[nightski]

Get a better password manager? Most store passkeys.

[Arainach]

If the passkey can be stored in the password manager, then there's no second factor and what's the point?

[nightski]

Passkeys are password replacements that can't be breached/leaked/etc... I don't think they are necessarily supposed to replace 2-factor, however it's probably more secure than some of the weaker forms of 2-factor auth.

Given that in order to access your password manager's vault often requires 2-factor (or should at least) it's a level of security that I am comfortable with.

I take it a step further and host the password manager vault within my home network. My home network does not expose anything publicly except a WireGuard port, it's completely locked down. I have to VPN in to access the vault.