Android leading the way to mobile, password-less logins

This was an interesting read on Wired. FIDO2 support on a huge platform like Android will hopefully get Apple off its butt for iOS support of this standard. I hope it also pushes a lot more websites to support U2F. It would go a long way to making the web a much safer place.

I have a YubiKey, which is a fantastic security tool when used with websites that support U2F. Unfortunately, Chrome is the only browser that fully supports it out of the box. Firefox 57+ also supports U2F, but it is not turned on by default. Most unfortunate is the lack of websites that support U2F. TOTP is security theater. It’s much better than SMS-based codes but not by much, as it’s still very easy to spoof someone into giving up the right code. You’re still better off just using strong passwords.

