Sorry, as IT person I have to disagree, app based MFA is just way much easier to maintain instead of HW keys.

Re-writing a 6-digit code is easier than tapping a USB device?

Open an app, find the one number for your specific app among the bajillion you have, oh the timer is almost out and you forgot halfway through, tap back in the app, oh the fucking app scroll all the way to the top again.