Thank you making me smarter!

There is one thing i don’t understand though. Wouldn’t the password manager need to have its window focused to clear the clipboard? And wouldn’t that allow any focused window to extract the information in the mean time?

Passkeys were very much vulnerable, based on the original articles charts.

I get that.

I think you can get the same amount of storage for the same price to use for a seperate VPS from them too.

Hetzner has managed Nextcloud hosting with add-ons for ~5€/month.

Sound about right. A YubiKey will print a one-time password when touched, by default.

Did you set focus stealing protection to strict? And verify the applikation isn’t running through xwayland?