You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Keep in mind that this depends on your use case, e.g. a key keeping SSH keys needs to be more secure than a key used for FIDO U2F login for a handful of websites, because the latter is a second factor only and easier to revoke/replace.
Also keep in mind that open does not mean secure, I've seen some absolutely abysmal firmware in "open" firmware projects along these lines too. I guess what I'm asking is whether it's worth doing #2 "right" with the caveat of being vulnerable to physical attacks.
Are you sure #1 is not vulnerable to physical attacks?
No, it just ostensibly tries harder than #2. I honestly have no idea why absolutely no secure element vendor has tried opening up their docs. It's ridiculous.
What's interesting with #2 is once you have the software right and solid, you can move on fixing the hardware while still being open and once you get #3: secure ("good enough") open hardware & secure ("good enough") open software, I don't believe it's absurd
I'd say of you are shifting from passwords to a better solution then physical attack is still out of scope Well that's my position & why I'm writing my own FLOSS SQRL token code implementation Though I will give a nod towards encryption at rest & a signed boot chain
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
