I have a question about hardware security keys. Like a yubikey.
I have not actually used one before so maybe I am missing some critical information.
Aren’t they inherently less secure than a TOTP code?
If someone (like an evil government) gets your key and knows your password for a particular service or device, they can log in.
If these same people try to log in but it is secured with a TOTP code instead, they would need access to my phone, which requires a password to unlock and then biometric validation to open the TOTP app.
I mean yeah, they could just beat me with a large wrench until I agreed to log in for them, but that is true with any method.
I’ve heard that in the US, the 5th amendment protects you from being forced to divulge a password, but they can physically place your finger on the fingerprint scanner.