It should be safe. It only shares the secrets with legit domains. That’s one of the powers of this tech: it won’t share your secrets with something that looks like a legit domain.
No, some of the functionality is definitely accessible without that, e.g. if you use ykman oath accounts code on Linux to read the TOTP codes you don’t need to click and I seem to recall some of the functionality has a configurable click requirement.
It should be safe. It only shares the secrets with legit domains. That’s one of the powers of this tech: it won’t share your secrets with something that looks like a legit domain.
but without physical - click - key will be non accessible?
No, some of the functionality is definitely accessible without that, e.g. if you use
ykman oath accounts codeon Linux to read the TOTP codes you don’t need to click and I seem to recall some of the functionality has a configurable click requirement.