For our business I am looking to implement 2FA.
I am looking to reduce the risk of ‘shoulder surfing’ by using a key, so that in case someone knows the password (keylogger, shoulder surfing), they still need the physical key in order to obtain access to:
- Bitwarden password manager
- Protecting Electrum seed / password (in one case)
Some of these offers are ‘passwordless’, while others seem to work with a PIN, which can be circumvented with the passphrase if you do not have the key at hand.
What key and setup would be the best defense against shoulder surfing?