> goes in your USB A port on the laptop or dock and it just stays there
If it's always there, then why isn't it just a file on the disk? Why should I need to buy a new piece of hardware and permanently sacrifice one of my USB ports. Client certs have been the "something you own" for decades and the main problem with them was that using them didn't involve any JavaScript, which is blasphemy in modern web dev and so they were killed (with the help of EU bureaucrats). And now that basically every computer has a TPM, you can even satisfy the "not extractable" requirement, which was the only actual advantage of a yubikey.
If it's always there, then why isn't it just a file on the disk? Why should I need to buy a new piece of hardware and permanently sacrifice one of my USB ports. Client certs have been the "something you own" for decades and the main problem with them was that using them didn't involve any JavaScript, which is blasphemy in modern web dev and so they were killed (with the help of EU bureaucrats). And now that basically every computer has a TPM, you can even satisfy the "not extractable" requirement, which was the only actual advantage of a yubikey.