Submitted this because although some sites like Vangard allow you to used a security key like SecurID or Yubico FIDO they still require you to have SMS security codes enabled incase you don't have your key. This makes invalidates any additional security keys have over SMS on your account. Would be very interested in HN community's thoughts on this.