Hi,
I see some reasonable pushback on using U2F keys instead of master password and I understand it. Worse, some keep implying that ✅ 2FA when 'unlocking' - #98 by tgreer adds exactly that feature when you are fully logged out and are forced to input both a password and a 2FA token. I share the same pain point as the people how asked for 2FA unlock (not 2FA login), however. I also see some pushback on 2FA unlock, I address that at the end of my post.
Let me try to reframe it in a better way. Can you let users use U2F keys instead of a PIN and show a warning that using U2F keys without any protection like a fingerprint sensor is a (physical) security risk? Lack of this option makes me set the lock period longer than I would like to.
While I respect this point and somewhat agree with it, I think people should be in control of their computers, not the other way around. What you are saying is that if people leave house keys under a door mat, the lock provides no security and it would devalue trust in the lock manufacturer. If anyone went on TV saying that, viewers would just have a healthy laugh. I think educating users is always better than telling them what to do.
Cheers,
Andrew