Hi @Petrb, no worries. I thought it might be pretty hard to reproduce, but didn't know if there were any debug options or anything that'd make it easier. I'm using the AUR PKGBUILD of Huggle, as linked above. That uses qt5-multimedia 5.15.12+kde+r2-1 and qt5-webengine 5.15.16-3 if that helps. I don't believe AppArmor or SELinux is interfering. I'm happy to provide a full log, should I just capture the stdout into a file and post it here?

Scratch codes are still applicable here though, there are scenarios where you've lost access to security keys and not scratch codes:

I don't think too many user guides are needed as the feature is pretty self explanitory if you have a security key. The issue is the lack of recovery options. There are definitely scenarios where a user can lose access to multiple security keys and that's in the best case where a user has setup a backup key, I think the majority of users will only have a single key. Is there a reason why scratch codes weren't made available for WebAuthn from the start?