Fair enough. I wasn’t familiar with these other options that counted as 2FA too.
Seems legit if all components client/server are libre.
AndOTP is interesting. Something like OpenAM which is a server side HOTP implementation can be used with an open client like AndOTP, KeePassXC.
Overall a good idea if you are not communicating with a surveilling PRISM server and you’re signing on to an onion.
Does Yubikey security depend on its hardware security? Was its hrdware ever open? It seems its software was at some point but that changed with time.
Code was discovered broken by black box testing. I don’t think YubiKey should be recommended anymore.
WYSIWYS sounds nice. Do you know any implementations of it?