we're using 2-factor-authentication with u2f-key like the yubikey on all of our devices at boot, on our backend-websites, facebook, google, ...
It would be very cool if royalts could also implement it. It would be also a good solution for user management, cause you only have to maintain a list of keys in the rtsz-file.
For understanding: It's not about replace password authentication with the key. It's just a seconds factor, so you need to type the password ... but if you only have the password without the key, the password is useless.
And yes, it's a well implemented, standarized, proofed solution with stable apis/librarys. It's also direct implemented in firefox/chrome.
https://en.wikipedia.org/wiki/Universal_2nd_Factor / (german is more detailed: https://de.wikipedia.org/wiki/U2F)
What do you think about it? Would be very nice to have on unlocking the rtsz-file...
this is on our roadmap already. It's quite a huge effort to change our document code to make this work but we will implement this as soon as possible.