When you say ykpersonalize.exe was the path of least resistance, compared to ykman.exe, what are you referring to then more specifically? Is it that ykman requires a full installer? It's interesting for me as the maintainer of that tool :)

The command to generate a 16 character random static password in slot 2 with ykman is:

$ ykman.exe otp static 2 --generate --length 16