Starting with the CTAP 2.1 standard, there is a largeBlob extension in the standard that allows for storage of a small amount of arbitrary user data. The current libfido2 library implementation uses a largeBlobKey provided by the authenticator to encrypt the data in userspace before storage. However, at least on a Yubikey, obtaining the largeBlobKey does not require User Presence, which IMHO lowers the essential security guarantees that a hardware authenticator normally provides. Recently got myself a set of Yubikeys and tinkered with them for a while. It seems it is also perfectly possible to use the hmac-secret provided by a Yubikey to encrypt one's data in user space and then store it in the largeBlob array on a Yubikey. Importantly, requesting the hmac-secret does require User Presence.

That combination is hardly documented anywhere. And so I somewhat skeptical about my unorthodox security solution. Sharing on the off-chance a security expert would comment.