Your comments
This is for password integration/management, not just for 2FA on the login screen.
2022.... where are we at on this?
I would like to see this as well.
There should always be a backup administrative account to everything; and yes it should be secured as well. This actually provides you with redundancy in access, but having two yubikeys on a single account does not. An account can become corrupted or broken, or a poorly designed policy or setting can lock you out (O365 actually warns you about this when making Conditional Access changes) etc.
I walked into a really bad AD environment once where the Administrator account was corrupted somehow and you couldn't login. With some discovery, we determined an old employee (CFO) had made himself a domain admin and they were able to reach out to him, AND he remembered his password, and we were able to at least get things sort of functional again (before starting over from scratch).
Most products with 2FA have some form of recovery built in also, like a PIN code that should be secured.
I dont want to hijack this thread any more... I just think allowing multiple Yubikeys on a single account goes against the security that a Yubikey provides, and as you pointed out, even if this was added...How many is enough? 2? 3? 5? Whatever limit they set isn't going to be enough for someone.
I think I get around most of your concerns by A) carrying my Yubikey so I dont need more than 1, and B) having a secondary admin with their own Yubikey (and if it's not something you want someone else to have access to, make a second admin account with a Yubikey that you keep in the fireproof safe).
That's fair, but I'm looking at this from the perspective of security, not from the perspective of a company who's sole source of revenue is selling more Yubikeys. To each their own I suppose.
I think you all have missed the point of 2FA and Yubikey's.
Customer support service by UserEcho
I'm probably going to retire before I see this haha.