We now have the “Inactive 2FA Report”, but it only informs us about the unfilled TOTP codes in the safe. This feature proposal would bring information about the hardware 2FA not used.
Note that I use “hardware 2FA” to refer to standards such as FIDO2/U2F/WebAuthn.
This would allow all Premium users with a YubiKey to know exactly which additional accounts they might want to protect with their key.
This feature requires between 2 and 3 different implementations :
Add support for detecting sites that support hardware 2FA, which is easy with sites like 2fa.directory.
Add a button in the entries of type “Login” to be checked in case we have the hardware 2FA activated for this site/these sites.
Eventually, propose a button in the settings to indicate that you do not have YubiKey, which will not propose this type of 2FA in the report .