I'll give you "site specific" but I'm less confident on "can't be stolen." If the computer can fetch them to use them something running on the computer can too. Of course even "site specific" is valuable in the "gmail account" or "apple ID" world. The last Kreb's article was something like $30 each for gmail creds.
Also my computer doesn't have a secure enclave because I'm keeping it disabled to prevent my machine from upgrading to Windows 11 :-). I wonder what it would try to do in that case.
That said, are people putting their cryptowallets in the secure enclave too these days? That would be new information for me.
Or you can use an external hardware security key; the latest versions of most security keys (like YubiKey 5, Nitrokey 3, etc) support Passkeys. Passkeys are basically just U2F 2.0, allowing you to use an asymmetric key pair as the first factor instead of the second.
Thanks for that, Yubikey notes that you cannot copy passkeys (this is good!), but now I'm wondering if I can have multiple passkeys (for a backup key)...
Also my computer doesn't have a secure enclave because I'm keeping it disabled to prevent my machine from upgrading to Windows 11 :-). I wonder what it would try to do in that case.
That said, are people putting their cryptowallets in the secure enclave too these days? That would be new information for me.