Two-factor authentication (2FA) has long been the gold standard for securing online activity. Among other benefits, it can make password managers even more secure. As Apple legal tech guru Jeff Richardson explains at iPhone J.D.:
With two-factor authentication, it is not enough for the hacker to have your username and password; he must also have access to a device in your possession (such as your iPhone) which displays a number that changes every 30 seconds. If the hacker is in some foreign country across the globe, he won’t have that, and his attempts to access your account will fail.
Legal ethics guidance sometimes recommends two-factor authentication as a way to keep lawyer communications more secure.
Hardware-based authentication, which requires a physical token for access, has some significant advantages over other methods.
An Ars Technica article explains why recent advances in iPad and iPhone interfaces have made the Advanced Protection Program (APP), a security plan for high-risk users that requires hardware keys for account access, much easier to use.
One drawback: if a problem develops with APP, recovering access is much harder than simply requesting a password-reset link. The Ars Technica article explains this risk and an approach to reduce it:
A word of caution, though, for anyone—regardless of what OS they’re using—considering APP. Once it’s turned on, the process for recovering accounts in the event of a lost password or keys is much more rigorous than normal and may start with a days-long “cooling off” period that locks users out of their accounts. Because they’re phishable, recovery codes aren’t an option with APP, either.
To hedge against the possibility of all of one’s keys being lost or destroyed, users can enroll as many keys as they want, and some can be kept off site, such as in an attorney’s safe or with a trusted friend.