@ctietze IMHO they don't. Although the certificate stored in the device looks safe enough, they have awesome support for Linux and Intel-based Macs (guess the issues with M2 are worked on) and it's a pretty good idea to store your password store access key outside the machine it's running on, I'm always afraid some day the thing just stops working and I locked myself out of everything.