Pretty sure you can use YubiKey as 2FA (as they support FIDO). Or 1Password (or any other OTP generating app).

Can you elaborate what is concerning here?

I, for one, want the developers of the software I use on a daily basis for sensitive stuff to secure their accounts properly.