Use case or problem
OTP is nice but these are even more secure
Proposed solution
Add passkey and/or security key support
FIDO keys do add phishing protection, but uptake has been slow as (1) some companies have a policy that does not allow devices to be connected to the USB ports and (2) a lot of authentication servers still don’t support FIDO devices yet. To some extent passkeys have started to be used, as they offer options where the users don’t need to purchase FIDO keys (mobile phones and desktop computers can be used instead).
Interestingly, I tested protecting access to my account using a FIDO key and found that I was able to set it up without issue as a second factor, but when attempting to add it as a passkey all appeared to work, but after registration the process seems to have failed.
The registration process seems to work fine for both methods, but after registering the key as a passkey (and getting the passkey added message) I get the message “The passkey registration process either timed out, was cancelled or is not allowed.”.
I performed the test using a SafeID/Fold FIDO2 key and attempted to register it as a resident security key, and I am surprised that the attempt worked fine as a security key as a second factor, but not as a passkey.