> This is not an option for the vast majority of people

A bank SD box costs $50/year. Why is this not an option for a majority of people? If anything, it's more accessible to use a bank SD box than being a technical enough person to run code from a GitHub repo.

> But While we are at it, if the government wants to confiscate your bank locker they totally can and have access to all your secrets. So then what do you suggest?

The bank SD box isn't full proof (as any bank employee could take a peek), which is why you'd want to shard the secret into multiple SD boxes. I.e. if your secret is ABC, you could store three secrets of AC + AB + BC, wherein you need only 2/3 to recover the entire secret. This scheme is effectively the same as Shamir Secret Sharing, but way easier to recover.

If your threat level is that the government might confiscate your bank locker, then you're probably at the level that you'd want geo-distributed sharded secrets in privacy-centric countries like Switzerland.

This is interesting, never heard of Bank SD box and the way you describe distributing the secret is novel. Do you have any links to a practical implementation?

The government can totally take and use your Yubikey as well.

Or often also just ask the service that you’re protecting a login for for your data directly.

If you're using a service.

But there are actual setups where storage can be encrypted with a Yubikey, and the Yubikey is protected by a PIN that's in your head, and other possible factors, so now we're in $5 wrench territory.

Yeah the only thing that can beat the $5 wrench is plausibly deniable encryption + training to pass a polygraph.

Very few people have this threat level and the will power to go that far.

And all YubiKeys die it is just a question of when.