I must admit the various forms of hardware keys confuse me. But, if I understand, they should be the best form of authentication since they are a physical object. (With the downside that they can be lost or stolen.)
This is what I expect to be able to do with a single hardware key:
- validate my BIOS on startup
- unlock my full-disk encryption
- log into my operating system
- unlock my OS keyring
- log into multiple websites
- encrypt/decrypt my mail with PGP
- authenticate and encrypt in other desktop apps (storage, password manager, messaging…)
- wherever possible, use the hardware key rather than username/password or TOTP/HOTP
- do all of the above on my phone, with the same physical hardware key
- have a backup hardware key
I understand that a lot of this depends on software implementation, so it would be ridiculous to expect this to exist for all devices, apps and services today. But as far as I understand there is no hardware key that could be used for this purpose even if the software did exist, because each model from each vendor supports a different subset of hardware features.