It depends what you use it for, and how you set it up. Aside from the Heads/Librem specific features, this is basically the same as a NitroKey/YubiKey. So:
- For use as a key storage device / GPG smartcard, you should have the usual contingencies in place (e.g. backups of decryption keys, alternative signing/auth keys). Only GPG nerds are likely to use this feature.
- For MFA use, you can list an additional device as another acceptable factor. E.g. a second key, or an authenticator app on your phone.
The Heads boot validation stuff is non-blocking; you can still boot into a system without verifying the boot partition/BIOS. Alternatively, there’s no reason you couldn’t fall back to TOTP on a phone, though I’m not sure if the interface supports that currently.
Source: I put everything on a YubiKey, then lost it.