I would argue that if the attacker has physical possession of my yubikey, that alone means the accounts tied to it are vulnerable. While the information isn’t technically wrong, I feel like that headline is misleading and this isn’t as big of a deal as some would like to make it out as.
How many times are you going to post that link? We have seen it, and at this point you’re just spamming.
We get it, you don’t like Kagi. Stop spamming the thread.