On Thu, Mar 23, 2023 at 09:51:17AM -0400, Greg Troxel wrote: > It looks like the Yubikey 5 might fit the bill.
I am totally happy with my Yubikey and its usage in NetBSD and Firefox (but I use 10_BETA and -current, though that probably only makes a difference for the ssh usage). I am regularily using WebAuthN with firefox for various sites and it works perfectly. I am also using it for Github (to log into the webpage) but also for ecdsa-sk ssh keys (ssh agent pops up and asks me to insert and tap the key whenever that ssh key is used for the first time). For TOTP there are various python and ruby based solutions in pkgsrc/security (and its trivial). I use a few homgrown scripts (few lines) around pyotp, like: print(pyotp.TOTP('MYSECRET').now()) where MYSECRET was the code the web page gave me when registering. Martin