The real issue is that they only allow port forwarding on certain endpoints (and when I was still using them, none of the endpoints that supported port forwarding were in the US which is a headache)

Note that PIA has extremely limited options if you want to be connectable on private trackers

Firefox has an option to set a master password, doesn’t it?

I think the best use case will be to use a yubikey with a password manager. That way it doesn’t matter what sites support the security key directly. You could also set up passkeys with the sites so that once you authenticate with your password manager, the login process is transparent. Once more sites support passkeys, anyway.

So I get very confused over which protocol is which. I think the cheaper keys lack support for OAUTH. Which is required for things like windows login.

I bought a couple of yubikeys but haven’t fully implemented yet. When 1password has full support for using a security key in place of a passphrase, I will consider using them as my primary unlock method.

I have to say that the Google Titan appears to be better bang for your buck than yubikeys. The FIDO2 yubikey is $55 which is pretty pricey considering you will probably want multiple. I’d be really curious if there’s a strong argument against using the Google keys.

They’re referencing HDCP