It seems like if you are on Linux (no Windows Hello or apple Face ID/ touch ID), then your only option for WebAuthn is to buy a Yubikey. Some people (including me) don't want a usb key. I'd much rather use TOTP or to verify using an existing verified device (like how Signal or Matrix does it)
Too bad that they still require a username/password and only use webauthn as 2FA.<p>Why not go full passwordless, with a fido2 token + pincode? It's more secure and you need the token anyway. No password to remember or for an adversary to guess. Even the account can be derived from the token. With Office 365 all I have to do is insert the token, enter the pin, touch it (to avoid remote control abuse) and I'm logged in.<p>Simple as taking money out of the ATM and just as secure.