I documented how I did it here, which definitely involves downloading an older version of Steam: https://web.archive.org/web/20240412101635/https://datacu.be...
Some more clever sites asked for my birth year… forcing me to do the arduous work of taking the current year and subtracting 14.
But why? You could have just picked a year that worked, and sticked with it. Obviously, there's no way of telling which year works, but you could have bruteforced that just once. Even if I do have keys, they are safe in my pocket, not sticking out the side of a fragile USB port.
It's difficult, though not impossible, to break your USB port with a Yubikey due to its shape. It's not a regular USB plug and will come out quite easily. but how about when I'm using a mobile and my laptop is in my bag, or at home?
USB-C and NFC variants are quite common. And OK, lets say I solve all that. How do I add a second key?
The same way you add the first--most of the time, you have to scan a QR code. You can scan it more than once. The beauty of SMS for 2FA is that my phone number sticks with me. If my phone is lost or stolen, a new sim card is sent to my home and I have access to all my 2FA authenticaitons.
I'm not giving you my phone number, and mobile providers are known to send replacement SIM cards to random strangers if they ask nicely.