Are powered up Hive, stored on a key like this, still powered up? Can you point to somewhere that you've explained what's going on here?
Is this just a more secure way of storing the keys I currently keep a master version of in 1password and then in various signing apps like Keychain and eSteem on my desktop and my phone?
I suppose a smart thing to do would be to power up into a cold stored account with the keys on a safe device like this then delegate that power to a working account. Is that a sort of use case?
Your hive are on your account. The only thing a hardware wallet would do is allow you to have a key that controls some aspect of your account in the wallet and never accessible outside of it. It greatly reduces the risk of key theft.
I imagine someone might update their owner key and/or active key with the ledger and leave their posting key something they frequently use on the computer. If the posting key gets stolen they can easily change it with the owner key.
Users should never be using their owner key on their main computer. If it gets stolen they can likely lose their entire account if they don't notice and act quick enough.
The master password or key or whatever it is called is another hugely contentious thing to store! (I dearly wish we could all agree what that is called because there is non standardisation and it causes chaos with onboarding new users).
Right now I'm set to do a support call in 1 hour with @csb1 who first tried and probably failed to create an account via 3speak and then succeeded using the new Hive Onboard from @hiveonboard @roomservice but I think he'll need help figuring out which set of keys are the ones to use.
There is no such thing as a "master password" as far as Hive system is concerned. The master password you refer to is a single implementation of deriving the full set of keys. It is just a convenience thing.
For instance, instead of having 4 different key pairs that are not derived from a single source, you can have a "master password" that derives your keys and if you lose your keys you can derive them again with the master password.
With the ledger, your master password would be your recovery phrase on the wallet. Aka the bip32 key phrase. The keys would all already exist on the ledger so there is no need for you to have a special master password outside of the recovery phrase ledger gives you (which you will never ever use unless you need to resetup your ledger)
Now, if you want your posting key and memo key to not be on the ledger for instance, you could generate two keys from some master password like we currently do and use those. You would just update your account owner and active key to ones on the ledger, and either not change your posting/memo keys or change them to a key pair you have access to on your computer.
After more than a year here, and a background in computational physics and having been listening to Security Now podcast for over a decade I understand enough about modern encryption to have a tenuous grasp on what's going on.
Somewhere between me and my parents, however, is where we have to move to before we get any kind of mass adoption! Work in progress....