The reaction from the average IT architect is to just select another vendor that provides yet another closed-source, blackbox hardware security solution, backdoored by who know which government(s) &| other entities. Open source hardware is (un)fortunately a necessary requirement (verilog/vhdl, firmware sources and no blackbox SoCs), samples of which are periodically verified by destructive and nondestructive means. Very, very costly, but doable and raises confidence.

Authy was already on its way to doing it anyway. Glad to see it sped it up for a YC alum.