+1

I recently tried to register my new Yubikeys with different services. Most Internet services like Gmail, Apple ID, etc all offer the option to use software-based authenticator apps or FIDO-compliant hardware keys. But almost all the traditional financial companies (banks) use SMS-based 2FA (some don't even allow Google Voice). Cell phone numbers are susceptible to SIM swapping attacks. Brokerage firms at least offer Symantec's VIP Access (which is a lame solution). But the banks are moving really slowly. Airlines and hotels are the worst. And Marriott is the worst among the worst.