OMG! What a mess.
Prediction - Passcodes and hardware tokens will fail and be abandoned or not even implimented by most websites.
Got a pair of Yubikeys, intending to migrate them to sites that use hardware tokens. (Actually, I have been intending to do so for a year, at least, but just now finally got around to it.)
They will be fine for nerds and techies - those who already know about long passwords and no reuse and don't click on that "You won't believe..." email. In other words, for those who need protection the least.
The setup for every site is different, always confusing and often non-existent. For example, both Yubikey and Ebay brag about the utter safety of using a hardware token on the site, but nowhere in Ebay (that I have found, as yet) are tokens, Yubikey or the setup of such even mentioned. However, the backup default of a passkey went pretty easily.
Even Yubikey itself has pages and pages of how important it is to use hardware 2Fa. But, "Learn how" buttons lead to other sub-pages that say nothing but, "Easy to Setup. Which one do you want to buy?" Eventually, again if you are really really persistant, (and a nerd) you will find a technical document, in a locked cabinet drawer in a dark basement behind a door that says, "Beware of the Leopard."
For whatever reason, website programmers just cannot get the idea of
"Are you new to (xxx)?"
1. do this.
2. do that.
3. check that this is...
4. and so forth.
The Yubikeys work great once they are set up, but there is not the slightest chance of my neighbors or family making one work.
Passkeys are great when they work, but those are not at all consistent. I log on with one, then go to another area of the site, and I get "Name and Password please." And what is really strange, is for the exact same URL asking for a passkey one day and a password the next.
Doomed, I say!
