Even with a dozen backup yubikeys and spare codes written down I’d still be much more likely to lock myself out than be attacked.
I am not sure this is true. Most people regularly get phishing e-mails and apparently fall for them.
SMS and TOTP (due to the window of time the TOTP code is valid) only provide limited protection against active phishing attacks, since a phishing site can 'proxy' the SMS/TOTP code besides the password.
I think I would prefer losing access to an account (since I make backups of critical stuff anyway) than my account getting compromised, which could lead to identity theft/fraud, etc.
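The validity window mentioned in the comment above can be measured from the server side. This is an added example, not part of the original post: an RFC 6238 verifier with a one-time-use guard, assuming a clock-drift tolerance of one step either way and using the RFC 6238 test-vector secret as constructed sample input.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)
RFC_TEST_SECRET = b"12345678901234567890"  # RFC 6238 test-vector secret, sample input only

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the number of the current 30-second step."""
    return hotp(secret, unix_time // STEP, digits)

class TotpVerifier:
    """Server-side check. Its only inputs are the code and the time: nothing
    in a TOTP code records which site the user typed it into."""

    def __init__(self, secret: bytes, drift_steps: int = 1, digits: int = 6):
        self.secret, self.drift, self.digits = secret, drift_steps, digits
        self.last_used_step = -1  # highest step already accepted

    def verify(self, code: str, now: int) -> bool:
        current = now // STEP
        # Assumed policy: accept neighbouring steps to tolerate clock drift.
        for step in range(max(0, current - self.drift), current + self.drift + 1):
            if hmac.compare_digest(hotp(self.secret, step, self.digits), code):
                if step <= self.last_used_step:
                    return False  # second use of an already-accepted code
                self.last_used_step = step
                return True
        return False

def acceptance_window(secret: bytes, issued_at: int, drift_steps: int = 1,
                      digits: int = 6, horizon: int = 300) -> int:
    """Seconds after issued_at during which a fresh verifier accepts the code."""
    code = totp(secret, issued_at, digits)
    dt = 0
    while dt < horizon and TotpVerifier(secret, drift_steps, digits).verify(
            code, issued_at + dt):
        dt += 1
    return dt
```

With the assumed drift setting, a code shown at the start of a step stays acceptable for 60 seconds; the one-time-use guard only rejects a second submission of a code that was already accepted.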