you need a secure enclave and a private keyring. i assume most would use their phone with maybe an nfc device with secure element as backup. locked by pin / biometrics.