lazka | 3 years ago

Imo that it's not phishable and that there is no secret on the target server is even more useful in practice. And both those properties don't require physical isolation.

kevincox|3 years ago

To nitpick: s/there is no secret on the target server/the target server never sees the secret/

With proper password storage the target server never keeps the password. Of course that is difficult to verify. With U2F the secret can't store a secret they can't see.