> I don’t see any use case or security benefits by using the static password feature. Even if you enter a password manually and concatenate it with the password of the Yubikey, a keylogger still gets both parts (assumption: You don’t reuse passwords).
If keylogger is what you're defending from, yes, it doesn't help. And in this scenario you've probably already lost.
On the other hand, it makes a large portion of the password immune to video-recording you typing the password in. Yes, it's technically trivial to then steal your Yubikey, extract the static password and combine it with the recorded one, but these are still quite some extra steps.
My point is, if a particular service or application doesn't support anything more refined, using a static password as a pepper[0] is perfectly fine and still an improvement over not doing so.
The static password feature would actually be perfect with a few small alterations.
I use Apple's Advanced Data Protection product. This product gives you a 64-character code you must know. I am probably not capable of committing this code to memory.
I wish I could tell my Yubikey this code, and it would save it.
---
Now, as a US citizen, it is very hard for the government to compel me to disclose a password or a pin code. If the static password feature required a simple password (say 6 characters), with reasonable brute force prevention, it'd make it so that I have a way to protect myself. On the other hand, if it is not pin protected, there is nothing preventing the government from getting a search warrant for the Yubikey itself and using that.
Reminder: Yubico doesn't have a monopoly on security keys. Make sure your software/tutorials support the open-source alternatives like OnlyKey and NitroKey.
Mullvad VPN has announced that their sister company "Tillitis"[1] is working on a really interesting key and it looks like it's releasing pretty soon (2023-03-23).
From the website:
>The TKey™ is a new kind of USB security key inspired by measured boot and DICE.
>TKey™'s design encourages developers to experiment with new security key applications and models in a way that makes adoption easier and less risky for end-users.
>TKey™ is and always will be open source hardware and software. Schematics, PCB design and FPGA design source as well as all software source code can be found on GitHub.
[1]: https://www.tillitis.se/ -- also "tillit" is Swedish for "trust" and "mullvad" is Swedish for "mole" (the animal).
so far, Yubikeys are the only ones I've found that support both FIDO2 / WebAuthn as well as GPG smart card functionality for use with pass(1).
they also support ed25519 FIDO SSH keys, whereas all the cheapo FIDO keys I've tested only support ecdsa-nistp256, but that's a relatively minor difference.
Nitrokey 3 claims that GPG smart card support is planned in an upcoming firmware update. once that's released I may bite the bullet on shipping costs and order one. 55€ shipping to the US for a 49€ key is cost-prohibitive for the most part.
Safari seems to have its own implementation of a virtual security key also. Before I plugged in my Yubico recently, Safari asked me for my fingerprint as a fallback.
Technically, we can just use client certs, YK supports them (via smartcard emulation, you can also use that to auth via SSH), just it wasn't really there, ever, on UI front...
Unfortunately SoloKey doesn't work as an OpenPGP smart card, which means it's not a real substitute for a Yubikey. I haven't had any luck with resident FIDO2, either.
The Solo team believes that other functionality such as PIV overlaps with GnuPG use cases, so that OpenPGP isn't a priority, and their work on that functionality appears to have stopped in 2021. That's too bad, because OpenPGP's network effects far outweigh its pure functionality, which means a technical substitute isn't a substitute.
While I have a few Yubikeys in a drawer somewhere, for years I've preferred to use an actual smartcard to store my keys. Sure, it only offers a subset of the features of a USB key, but I've found that I really only need to sign, auth and decrypt data. All the other fancy things like OTP, FIDO, etc., either have alternatives (e.g. pass-otp), or are just not used often enough. I haven't been in a situation yet where I _need_ to use a USB key.
Besides, the experience of using Yubikeys always annoyed me. The touch functionality was way too sensitive, causing many unwanted triggers. Having it always stick out made me nervous it was going to break. And the small USB-C version was often difficult to remove, while also taking up a USB slot.
Smartcards are nice since they're compact and stay neatly inside a laptop, and they use a separate interface for that purpose, instead of the generic USB. I wish more laptops had readers for them.
On my laptop, this one[1]. While there's a model that supports NFC, I've found these don't work well with Password Store + OpenKeychain on Android. So I use a different unbranded one there. Don't remember where I bought it, but there's nothing special about it.
I like the idea of security keys, but having to drop 100€ for a key (since in my opinion you are playing with fire if you don't buy a backup) feels excessive, and then having to worry that I remember to take my security key with me everywhere...
Yeah, yeah, security vs. convenience is always the issue, but so far I've just selected convenience.
> Yeah, yeah, security vs. convenience is always the issue, but so far I've just selected convenience.
In terms of the SSH and GPG keys which I use multiple times every single day for me this is convenience. I have my keys always on my person and they are tied to me, and not a particular machine. Whether it's my laptop, my desktop or my phone, I have a single pair of keys that are virtually impossible to steal even on a so-so trusted device like a proprietary phone.
When you start considering a security key as a portable credential storage to use across all your machines, it becomes actually more convenient, not less.
I am just not at all paranoid about my SSH keys. Those are password protected and the worst that you can do with them is to run some low yield miner on my machines. I guess you could "steal" my source code, but I publish it free on github anyway.
Maybe convenient if you are administrator or something, but for normal life seems unnecessary.
However I can see the appeal of having everything behind a physical factor
The cost is not really that enormous when you consider these things are pretty bulletproof, I've had one for about 10 years on my keychain. That's €5 per year. I am currently waiting for NitroKey 3 to have non-alpha OpenPGP SC support and will likely buy one as soon as it's available (although maybe I should buy one now to support development and maybe have a play around myself).
You don't need a backup unless you don't trust your hardware at home, just store backup keys on some trusted host, or offline on some storage media, you then only need to buy a new security key whenever you lose yours. Even so, if you DO decide to go the backup route, the backup is not likely to get lost and very likely to last much longer than 10 years.
With security keys which have NFC capabilities, you can set things up so that accessing any website from your phone is only a tap away (you need to enter the pin beforehand, or every time, obviously choice of convenience here is up to you but if your phone itself is secure enough then maybe this isn't such an issue to keep the pin cached while the phone is on).
That's one reason why I prefer USB-A security keys (it's just more ubiquitous at this point, and A-to-C adapters are readily available, while the reverse is out of USB spec).
The other is that USB-A has all moving parts in the socket (vs. in the cable-side plug), which presumably makes a USB-A key more reliable.
I've had USB-C keys break on me mechanically, so having an A-to-C adapter with moving parts on both sides seems like the best of both worlds (durable security key, durable device-side port, easily replaceable adapter).
I always wonder how often someone gets into a crisis because their Yubikey breaks while they're at, say, a conference (i.e. far away from the backup, be it another key, or access to recover codes). I reckon they can just break when plugged into a laptop that takes a dive.
Most people have only their phones, which can also break. But some people only start thinking about that stuff when they look at alternatives like the Yubikey.
> they can just break when plugged into a laptop that takes a dive
So can the laptop at a conference. Or anything else really. I just remove my Yubikey after use and carry it in my wallet when not in use. Sure, I can lose my wallet, but I have multiple back-up options for the Yubikey, I mostly use it for convenience.
I’ve carried a USB-A Yubikey in my pocket for 7 years and it’s never broke. I also keep one time login passwords encrypted and available in the cloud in the event I lose the key.
I've had one USB-C key break on me in the past, and my replacement is already showing signs of wear. Fortunately it's not my only way to get back into my accounts if it breaks.
My (sample size 2) theory is that USB-C isn't the best connector for a security key, since it intentionally moves the wear-prone part (i.e. the dust-collecting and mechanical spring involving side) from the port to the cable.
USB-A is completely solid state, and most security keys use the "flat" variant of the plug that further reduces the chance of mechanical damage and/or collecting dust.
I solve the issue of forgetting my key by having a key constantly attached to my keychain with a keychain clip except when it's in use with my notebook. This means that I have three keys - one on my keychain, one on my main computer, and one for backup.
Also I have my passwords synced to my phone, which could serve as a mobile backup in a pinch. I currently have it configured to require the key, but I should probably change that now that I think about the possibility of losing the key.
Using the key is more convenient to me than not using it, because it saves me from having to remember and enter a long master password.
I found that four were the right number of keys, not two. One for the permanent safe, one for the keyring, one for offsite storage at another location (like office) and one to leave in the computer.
Same, I only use the key when something forces me to, cause I trust TOTP authentication apps even less. (I don't mean trusting that nobody hacks it, I mean trusting that I don't get locked out.)
Thankfully now with Google Authenticator at least you can export the config to another device. I periodically do this to my old Android phone so I have a backup device in case I destroy my current one
For full disk encryption, if you use systemd and not another init system, I'd also recommend systemd-cryptsetup, it's already installed on your machine if you have a relatively new systemd (at least 248). With systemd-cryptsetup you can use fido2, and your normal fido2 pin, to unlock your LUKS drive.
This also works with the YubiKeys "Security Key" series, that only have fido2 and no otp/chalresp.
I actually considered that setup but decided against it. The thing is, if I did this, I would eventually succumb to convenience and would plug the key into the machine at all times. But that defeats the purpose: if a thief steals my computer they can just tap the key rather than know my password to unlock my disk.
Your paranoia is getting out of hand, seriously.
2FA here, OTP there.
Idk about you, maybe you do have such sensitive data that you have to double guard everything, I and the usual average guy don't.
Why do I care? Because this craze has already reached the real world. Amazon requiring 2FA on deliveries. Wtf is wrong with my passport or other document? Nothing. Now I have to be physically present and recite some fucking code they sent me via fucking email or app if installed.
I can't log in anywhere anymore without having to double prove that the password and email is indeed mine.
STOP THIS MADNESS ALREADY!
My World of Warcraft account had been secured by 2FA 10y earlier than my bank account.
The good thing is, the launcher app on _my_ PC got the feature (a few years ago) that I only need to use the actual 2FA fob once every few months, not every time I login. It protects me against the most common case (someone logging in with my account/stealing my account) while not getting in the way at all. Unless someone breaks into the apartment, but I'll take that risk.
Still wondering what's wrong with most orgs not even offering the user the choice of "no 2fa/2fa everytime/whitelist this one device for $period".
That's probably not about information security, it's simply Amazon not trusting the gig economy delivery worker enough with an expensive package, so they give you a number only you know and he doesn't, and that's how they verify that he has to interact with you before marking the delivery as done. It's to prevent a common kind of theft.
(I'm not talking out of any inside knowledge on the process, just thought that'd be the reason)
My work recently changed the password length requirement to 16 characters, 2FA now requires typing in a number and you automatically get deauthenticated every 12 hours.
I really feel there's got to be diminishing returns for such policies
I really would like to use it, but without ability to backup it, I don't wanna. I've read some time ago Yubikey or some other company showed initial spec, but I never heard any followup, I don't remember the link. For now I'm using TOTP but it's a chore. Salesforce Authenticator has nice idea with custom push-based protocol, but it's not running on dedicated hardware. I think ESP32 S3 has hardware potential to act as security has as it has e-fuses and has enough oomph for cryptography, it would be interesting option to see (maybe with optional wifi/bluetooth faraday cage on it)
The backup plan is mostly having a backup key. The whole point is that there's a secret inside the key that can't be stolen, and that means there's no way of exporting it either. Most services I deal with allow registering multiple keys. Some like Paypal don't, but allow having both a key and TOTP so you can use TOTP as a fallback.
It mostly acts as a keyboard (bluetooth or USB). It supports TOTP, and will type it out for you. It has an internal battery and for TOTP the clock is set by the management application for it.
I'm with you re: backups. The whole "just have a backup key" methodology seems tediously manual and fraught with opportunities for error/laziness.
I've been looking into OnlyKey[0] recently. It seems to have sensible backup functionality at least.
Using something like The Mooltipass[1] (USB HID password vault w/ TOTP support that has a sensible backup strategy) comes closest to what I want, but not quite close enough. (I'm disenchanted with it because it seems to lean heavily on an app on the host computer for functionality.)
> It seems to have sensible backup functionality at least.
The backup functionality seems to completely negate all security benefits of using separate/minimal security key hardware, since it requires passphrase entry on a computer and then exposes the backup file encrypted under that passphrase to the same computer.
> I really would like to use it, but without ability to backup it
I totally know the feeling. I was there, I don't believe for a second that enrolling another key is an acceptable option and I solved that problem in a way that works for me.
You can clone your own security key if you're willing to deal with the problem that now becomes: "How do I safely store the secret allowing to restore another security key?".
I'm using paper seeds, split over several countries. A $5 wrench attack on my mom to have her open her safe won't be sufficient. The attacker would need to $5 wrench another half too, which my mom doesn't have.
Ledger Nano S (supposedly a cryptocurrency hardware wallet but I only care about the U2F support) has a U2F "nano app" installable on the key which shall do U2F (and webauthn, which is backward compatible from the device's point of view... It's not clear to me if it's going to work as a "passkey" too or not). They cost $79 or something.
Ledger kinda knows what they're doing: their CTO was part of the original FIDO spec group.
Buy two of them, initialize them with the same seed. Make sure to secure your paper seed.
In my case the issue of "cloning and backuping a U2F/webauthn key" is solved. But it's a trade off: now I have to deal with storing the paper seed allowing to restore the U2F key.
In exchange for that hassle I get U2F everywhere (SSH being a big, big, big one) and my security keys are protected by a PIN (three wrong PINs and they reset to factory default). And I don't live with the constant fear of losing my security key and being locked out of all my services / having to reset everything.
As an added bonus that Ledger Nano S has a tiny device telling you if you're registering or authenticating and it's telling you where you're registering/authenticating. It becomes very hard to trick you into registering/authenticating to a bad party.
Also for me to be really in trouble I'd need to both lose the ability to restore/clone another key and I'd need to lose access to the two security keys that are configured with the same seed.
Have you tested this solution? Unless something has changed since the initial spec, each handshake includes a usage counter, which the relying party sees and is supposed to remember. If the usage counter ever fails to increase, then that means something weird happened (like two keys acting as one), and the site can reject you.
There are crude ways to deal with this issue, which are fine if you intend for the second to be used only in case of emergency.
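The usage-counter check described in the comment above, sketched from the relying party's side. This is an added example, not code from the thread or from any vendor: `StoredCredential`, `SimulatedKey`, `check_counter` and the `example.test` RP ID are hypothetical names, the authenticator data is constructed, and signature verification is assumed to have already succeeded.

```python
import hashlib
import struct
from dataclasses import dataclass

RP_ID = "example.test"  # constructed relying-party ID for the demo


@dataclass
class StoredCredential:
    """What the relying party keeps per registered credential (hypothetical model)."""
    credential_id: str
    sign_count: int = 0
    clone_suspected: bool = False


def build_auth_data(rp_id: str, sign_count: int) -> bytes:
    """Constructed authenticator data: rpIdHash (32) | flags (1) | signCount (4, big-endian)."""
    flags = 0x05  # user present (0x01) + user verified (0x04)
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


class SimulatedKey:
    """Stand-in for one physical key. Two keys initialised from the same seed
    share the credential but each keeps its own counter."""

    def __init__(self) -> None:
        self.counter = 0

    def assertion_auth_data(self, rp_id: str) -> bytes:
        self.counter += 1
        return build_auth_data(rp_id, self.counter)


def parse_sign_count(auth_data: bytes, rp_id: str) -> int:
    """Extract the signature counter after checking length and RP ID hash."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match this relying party")
    return struct.unpack(">I", auth_data[33:37])[0]


def check_counter(cred: StoredCredential, auth_data: bytes, rp_id: str) -> str:
    """Apply the counter rule; the caller decides what to do with the verdict."""
    received = parse_sign_count(auth_data, rp_id)
    if received == 0 and cred.sign_count == 0:
        return "no-counter"  # authenticator does not implement a counter
    if received > cred.sign_count:
        cred.sign_count = received
        return "ok"
    # Counter failed to increase: two devices may be sharing one credential.
    cred.clone_suspected = True
    return "possible-clone"


def run_demo():
    cred = StoredCredential("constructed-credential")
    primary, backup = SimulatedKey(), SimulatedKey()
    verdicts = [check_counter(cred, primary.assertion_auth_data(RP_ID), RP_ID) for _ in range(3)]
    # First use of the backup: its counter is 1, the stored value is 3.
    verdicts.append(check_counter(cred, backup.assertion_auth_data(RP_ID), RP_ID))
    # The primary still advances normally, but the flag stays set for review.
    verdicts.append(check_counter(cred, primary.assertion_auth_data(RP_ID), RP_ID))
    return verdicts, cred


if __name__ == "__main__":
    verdicts, cred = run_demo()
    print(verdicts, cred)
```

Whether a "possible-clone" verdict blocks the login or only raises an alert is a relying-party policy decision; the check itself only reports that the counter did not advance.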
> ESP32 S3 has hardware potential to act as security
You'll probably want a tamper-proof MCU instead (i.e. the type used on payment smart cards and SIMs), if physical access is a concern to you at all.
> without ability to backup it
Your backup can be another security key. If you are concerned about design flaws (of the reliability/durability kind, not security), you can get FIDO-certified keys from many vendors other than Yubico these days.
I was hoping to find how to change the number of GPG passphrase/PIN retries (the default of 3 is panic-inducing after just fat fingering it once) - I did it on one of mine some time ago, but haven't been able to figure it out again recently for another one. Sorry, it's a bit of a tangent, but if anyone happens to know?
[0] https://en.wikipedia.org/wiki/Pepper_(cryptography)
¹: https://xkcd.com/538/
If you have your device in your possession, you also likely have your key in your possession in order to use your device.
The backup functionality (which requires encryption password entry on a computer, i.e. not the device itself) looks especially concerning.
[0] https://developer.mozilla.org/en-US/docs/Web/API/Web_Authent...
Hell, even software based implementations which force domain checking would solve 99% of the problem…
https://github.com/solokeys/openpgp
But there are indeed alternatives to yubikey. Anyone have experience with https://www.token2.com/shop/product/token2-t2f2-fido2-and-u2... ? 128 resident keys is much better than 25/50
[1] https://shop.cryptnox.com/products/cryptnox-fido-2-card
[1]: https://www.floss-shop.de/en/security-privacy/smartcards/
The only irritating bit is when you don't have USB-A (there is no A+C stick). But with NFC at least you can use your phone.
I've yet to find a place (in my life anyway) where FIDO isn't accepted. Secures the main things like Google, Namecheap, etc.
>convenience
The USB C version looks more solidly made.
I came across this blog post about a similar offer: https://blog.cloudflare.com/making-phishing-defense-seamless...
but it now states:
> UPDATE: This offer expired on January 3rd, 2023 at 8am PST.
Here is an article (from yubico) about fido2 pins: https://support.yubico.com/hc/en-us/articles/4402836718866-U...
For convenient TOTP, you can try this one: https://www.themooltipass.com/
[1] https://github.com/Yubico/webauthn-recovery-extension
[0] https://onlykey.io/
[1] https://www.themooltipass.com/
They're using these kind of secure chips from STMicroelectronics: https://www.st.com/en/secure-mcus/st31h320.html
That is highly unlikely.
> For now I'm using TOTP but it's a chore.
TOTP is your backup, I'd say most sites don't allow WebAuthn without TOTP enabled first.
* https://github.com/drduh/YubiKey-Guide#configure-smartcard
... it is:
Now, do I know my admin PIN...