For a cheap alternative you can use an old smartphone, and disable all radios. People will use a Librem 5 in 20 years still for this purpose wink.

No, most of them connect over USB. The important thing is reducing the attack surface to a bare minimum with simple protocols and implementations.

I think at a minimum it would need to emulate a keyboard to type out complex passwords. Ideally it could also receive simple commands from, say, a browser extension to request filling in a specific website.