If you honestly think that those two and three factor keys wouldn’t be compromised, I’ve got a bridge I’d like to sell you.
Matter of fact, look up what happened when Sony under the Lenovo division were caught with a rootkit in their software and the damage done to Lenovo-based laptops as a result. You’re operating under the assumption that manufacturers (AND THE GOVERNMENT?!) are doing everything by the book and according to industry standards. Having worked for the government, and can tell you first hand that nothing could be further from the truth. Government workers are some of the laziest, most incompetent IT people I’ve ever had the displeasure of working with.
As soon as a “backdoor” is put into something, ANYONE can use it if they find it. I’ve done white hat stuff for several years now, and it would make you shit yourself if you knew how easy it is to break into most modern clients.
[some of the laziest, most incompetent IT people Ive ever had the displeasure of working with]
Oh, the stories I could tell.