In my opinion the biggest problem with hardware keys is what happens when you lose them. You have to either provision the keys yourself, putting the secret on your computer. Or you have to buy backup keys and make sure to register both with all your services. You’ll end up using your phone or password manager as a “backup.” And then that backup becomes your primary 2FA.
I tried Mullvad’s DNS service and found that it messed up sites that rely on geography based DNS routing. For example, I’d get sent to a service’s servers in Singapore instead of the US. This caused some noticeable lag.
yup. if you’re running untrusted apps on your phone, make sure to turn off background refresh AND notifications. apps can run arbitrary code when they receive a push message. usually its so they can provide a better notification for the user, but they can collect data and phone back to the mothership too.
You can use Yubikey Manager: https://www.yubico.com/support/download/yubikey-manager/