USB/NFC hardware keys are pretty good though, they are just the current form of smartcard hardware keys that have been around since the late 1990s for high security environments. If you worked for certain federal agencies or private sector companies, you might have used them. They are old technology at this point that has more recently been introduced into the consumer space as platforms and companies face backlash for constantly having security breaches.
I have used them (coincidentally, with Okta), and they are pretty neat! I actually choose to use them instead of a smartphone app where I can, because it's much faster to use. I'd recommend them to companies as a good measure.
They are still effectively 2FA where it's just a lot harder to work out the proprietary system with which the password is encoded. So it is a sort of a 'security by obscurity', but the likelihood of someone going through all the work to disassemble your key and work it out with you noticing / before the key gets invalidated is pretty low, so unless you're protecting something super-duper high value (and assuming the manufacturer hasn't screwed up too badly), they'll do a good job.
USB/NFC hardware keys are pretty good though, they are just the current form of smartcard hardware keys that have been around since the late 1990s for high security environments. If you worked for certain federal agencies or private sector companies, you might have used them. They are old technology at this point that has more recently been introduced into the consumer space as platforms and companies face backlash for constantly having security breaches.
I have used them (coincidentally, with Okta), and they are pretty neat! I actually choose to use them instead of a smartphone app where I can, because it's much faster to use. I'd recommend them to companies as a good measure.
They are still effectively 2FA where it's just a lot harder to work out the proprietary system with which the password is encoded. So it is a sort of a 'security by obscurity', but the likelihood of someone going through all the work to disassemble your key and work it out with you noticing / before the key gets invalidated is pretty low, so unless you're protecting something super-duper high value (and assuming the manufacturer hasn't screwed up too badly), they'll do a good job.