Can we make the input field for yubikey a password field rather than a plain text field. I know it makes no difference to the security but its just a psychological thing.
Is it at all possible to make the yubikey authentication appear after successful username/password authentication. That way non yubikey users never have to see the yubikey prompt. Only those that the yubikey is active for see the yubikey auth.
Also can you include a way a user can disable yubikey authentication in the event that the user loses his/her key? Thinking it works in the same way as forgot password. But instead the yubikey user is sent a de-activation link to their registered email address.