Here are some items that are potentially useful to know when setting up a hardware key (e.g. a Yubikey) for online security.
1. Yubikey is grossly overpriced. HyperFIDO has fully compatible keys at a quarter of the cost, and they even protect the USB plug contacts - something Yubikey does not do.
(Why most key makers choose designs that expose the USB contacts, I will never understand.)
They also have a mini version. Reviews say it is not as well built, but at this price, you can afford to buy spares. Plus it comes with a cap to keep grunge out of the USB plug.
Unfortunately, they don't have a Bluetooth / NFC version. For that you should consider a Feitian at half the cost of a Yubikey.
2. You can't use Firefox for setup. You can use Firefox for ongoing use, but to set up, you must use Google Chrome.
3. With Google, you can add many keys. I was able to add five to my Google account. If there is a limit, I've not found it yet.
This is most excellent since you can have multiple keys for different purposes (desktop, laptop, travel) plus pre-registered backups stored in a safe place for when you lose/break your primary key(s).
4. You still need your passwords. Hardware keys supplement passwords, but - currently and somewhat oddly - do not replace them.
5. Phone/text verification is fairly secure, but not as secure. After you enroll your keys, you should consider removing your mobile as an option for 2-step verification.
As far as I know - and I've not yet tested - for ordinary two-factor authentication, you can use a physical key for your desktop, but you do not absolutely need one for your mobile. I intend to find out as soon as I can.
If, however, you enroll in the Google Advanced Protection program, you (apparently) must have at least one key for your mobile. This usually means a Bluetooth or NFC key, though USB-C keys are also available.
- Adding and removing keys is a snap.
- The LED light on the Mini is fairly bright. There is an LED on the Titanium also, but it is not obtrusive.