So the threat model is someone physically stealing your phone and guessing/seeing your password. The #1 proposed solution is a Yubikey. Can't they steal that too?

▲

burnt-resistor 4 days ago | parent [-]

YK's FIDO2 action can be passphrase protected. Mine has passphrases for FIDO2 and gpg. So stealing it won't help anyone.

	▲	voxic11 4 days ago \| parent [-]
		But the whole premise is that the attacker is able to guess/see your password.