knorker 7 hours ago

Yes. But that'd just be a TPM on a computer, in hand held form.

A laptop and a phone are both general purpose computers with "TPM chips", so "you could implement that on android" is as true as "you could implement that on a white computer".

There was something about Macs. It took them a while to get a TPM. But I think now they do, so Macs can do it too.

spwa4 5 hours ago

It could require you to confirm with a fingerprint though. So it's an actual second (or third) factor.

knorker 4 hours ago

Ah, I guess by "that" you meant the touch part, not the uncopiable part.

There are many ways to implement this. I think some Chromebooks have FIDO gated on a physical button.

If you have an unlocked device with keys usable requiring a mere touch, I'm not sure fingerprint adds much value. A button would be enough.

Actually checking with fingerprint only addresses an extremely narrow attack where someone who wants to attack you steals your device (so already physical access, meaning not DPRK hackers) while it's unlocked, and only getting a window of opportunity until you've called your security department to lock your account. … and yet this attacker would NOT be willing to use force against your person, to make you use your fingerprint.

Sure, if that's a threat model that's worth your time, use fingerprint too.

Keep in mind that already going from software only (and arguably this includes OTP app on your phone) already means effectively going to zero. Google moved to security keys and says “We have had no reported or confirmed account takeovers since implementing security keys at Google” — https://krebsonsecurity.com/2018/07/google-security-keys-neu...

So there are extreme diminishing returns after just security key with touch.

An app solution even gets a callout in that article as being not as good.