Hardware security keys for offline passwords and encrypted storage

Toomanyuserprofiles

Does anyone use yubikeys or similar with their GOS?

I ditched qubes as a daily driver because of practicality and complexity.

But moving away from that model I do find myself missing an offline vault qube. As I understand it these keys push the requested passwords forward in a safe way, but do they actually protect your passwords from being exposed if that GOS user profile is compromised, however unlikely that may be? I guess that question relates more to password storage than hardware 2fa, but hopefully you see what I'm getting at.

Next question is more about privacy.

Do these hardware 2fa/password keys phone home with each usage, telling the manufacturer when and where devices are logged in from? If so is that mitigated by VPN/TOR/Proxies?

de0u

Toomanyuserprofiles Do these hardware 2fa/password keys phone home with each usage, telling the manufacturer when and where devices are logged in from?

In general, no - they have no network access. I did read about one with TOTP support which uses a web app provided by the manufacturer (to provide time). But the general idea is that your laptop/phone uses the network to negotiate with the server you are authenticating to, while the FIDO2 key contributes key storage and challenge signing.