I just found out that CalcKey(and I’m assuming it’s pulled from Misskey code) supports registering FIDO2-compliant hardware keys for added authentication protection (in addition to the TOTP MFA option) for accounts. I don’t know how much more work would be needed to add that to Akkoma, but I think it would be an awesome thing to have for Akkoma as well.
Possible references:
Frontend Client (Pleroma FE) GitHub - github/webauthn-json: 🔏 A small WebAuthn API wrapper that translates to/from pure JSON using base64url.
Backend Instance GitHub - webauthn-open-source/fido2-lib: A node.js library for performing FIDO 2.0 / WebAuthn server functionality