Imagine if this was a action movie and these were the protagonists.

So I'm right there with you lamenting that we ended up with these two as the only likely choices, but I don't know if I would want "action movie protagonist" as the metric for what would make a "good" president.

And at least in some distributions, they do exactly that, a number of aliases for the same interface. And you can add your own.

Finally, my life-sized hotwheels car can have a suitable route.

I'm guessing they have a job like mine, where a driving trip is a relatively rare occurrence and micromanaging the travel isn't worth it to mitigate the risk of paying out a little more.

Indeed, but some "security" guys frown deeply about the private key ever leaving a specific hardware device, because the second it can be backed up they freak out that it could, theoretically, be stolen. It's hardly a practical concern, but there's a lot of security people that don't care about practical considerations.

While true, other scenarios do come into play, like "I'm using a FIDO key but I dropped it down a storm drain". Meaning you pretty much have to provide some recovery mechanism, since you can't really require the user to have a backup device.

Basically, you have:

• TOTP - no particular investment needed, so very popular, but a bit onerous
• Various MFA vendors that tie into their cloud services. I hate these since it means I generally have to get additional apps, with uneven platform support
• Webauthn/Passkey - Cool, integration with my phone, a Fido usb key, windows hello if applicable, no need for external service, uses asymmetric encryption so it's not shared secret and it's more convenient.... Almost no one bothers to implement it for their service though, despite it being pretty damn easy.

Yes, shared secret based, but not a big deal because it is machine generated and unique per account. The 'server has your credential' is only a problem if the credential is reused across services. If you have access to read TOTP secrets from the server, you probably don't need those TOTP secrets to further compromise the service.

But webauthn/passkey is a better approach. Properly managed SSH keys are good too, but folks aren't too happy about how ssh keys are commonly pretty lax. Client certificates similarly would have worked, but never took off. Similar story for smartcards.

Nice... Wait a minute...

Yeah, that's a grandmother, so what?

Just have a bookshelf behind you during the interview, you'll be golden.

Or maybe have the oval office as a backdrop, that might really make you qualified.

While true, exercise is very important. For example if you are sedentary then that visceral fat screwing up your pancreas is extra risky because you also build up insulin resistance.

Even if they don't lose that much weight, it at least mitigates some of the risks increased by being overweight.