I should add an area to look into if you are in this area is something I have not fully developed though. Using 2 accounts in a multisig manner for 2 factor auth, so log into your phone and computer say to access your account. Not yubikey but could be linked in this manner I feel. Anyhow it’s worth considering.
The other area is site visits logins in SAFE, using a SQRL type HMAC solution means unique verifiable visits where we can get the private key per site / location and, well basically do what SQRL does. This also links into the furthering security conversation. I am way into routing structures right now, but this will be a big focus soon.