Open-source doesn’t matter that much in here because good keys need to have a secure element, which will always be proprietary.
What matters is for the firmware to be upgradable, YubiKey’s non-upgradable firmware is an absolute joke.
-
Make sure that you receive the key with the latest firmware. I checked YubiKeys that are selling in my country and couldn’t find a clue on what version of firmware they have.
-
Pray that a new security vulnerability isn’t discovered in your YubiKey, if it’s, then pray that YubiKey will replace them for free. After that, go through all of your accounts and register the new keys.
-
If new features that you really need or want come out in a newer firmware, then be ready to pay up again.