Came across this article recently.

I Won’t Buy a YubiKey — Garrit Franke

In this interesting post, Garrit talks about why he wouldn’t buy a YubiKey and I resonate with his thoughts.

Just like Garrit, I own an iPhone. With the recent technologies from Apple, it’s pretty much impossible to gain access into an Apple product without Apple ID. Sure, biometrics can be replicated, but it would take a very dedicated and knowledgeable attacker to do so. Which is why I take the risk.

I personally use 1Password as my password manager and I have my TOTPs registered in it too. You can argue this is exactly the same as a YubiKey. If you can manage to somehow find out my password for 1Password, pretty sure you can find out my YubiKey’s password too. It’s pretty much the same risk when you compare the both of them. In fact, for someone like me, who loses their things once in awhile, having a YubiKey might quickly turn into a liability.

As long as you have a relatively strong password for your password manager, I don’t really see a need for a YubiKey.