In my opinion the biggest problem with hardware keys is what happens when you lose them. You have to either provision the keys yourself, putting the secret on your computer, or buy backup keys and make sure to register both with all your services. You’ll end up using your phone or password manager as a “backup.” And then that backup becomes your primary 2FA.
How does NextDNS compare with controld.com?
Yup. If you’re running untrusted apps on your phone, make sure to turn off background refresh AND notifications. Apps can run arbitrary code when they receive a push message. Usually it’s so they can provide a better notification for the user, but they can collect data and phone back to the mothership too.
You can use Yubikey Manager: https://www.yubico.com/support/download/yubikey-manager/