At the very minimum, this requires physically interacting with the security key (by touching it), which prevents software from silently using the key to authenticate in the background. Then again, if your entire machine is compromised you basically have a MITM attack so close to your side of the channel that it is virtually impossible to do anything about it.