Can you define what you mean when you say security keys “won’t work”? Do you get any errors? Can you add security keys in your second factor preferences successfully? Is the problem with using them on login?
“Try a different security Key. You’re using a security key that’s not registered with this website”. I guess maybe that’s coming from Chrome and it remembered the hostname of the production server?
Thanks for that, makes perfect sense. Security keys as per the specification are tied to a single hostname as the “Relaying Party”, so keys defined in production will not work for staging.