Security keys like Yubikey's give you the ability to log in to a website by simply inserting it and pressing a button. You do not even need to enter your password, let alone generate a unique code. While the method has its own vulnerability, it's safer than two-factor authentication, considering it's based on a physical element that you can lose, especially if you send a code that sends you SMS. Hackers can intercept messages sent to your device, giving them access to your account.
Unfortunately, the Universal 2nd Factor (U2F) ̵
1; that's what you call the type of multi-factor authentication that uses physical keys – is currently very limited. You can already rely on it for protection in Chrome, but you would have to manually enable it in Firefox by first calling "about: config". Microsoft will introduce U2F compatibility for Edge later this year, and Apple has yet to reveal whether Safari will ever support the standard. In addition, only a few websites and services can be used, including Facebook and password managers such as Keepass and LastPass. It remains to be seen if Google's positive experience with the standard can help it get more widespread, but it's definitely the kind of meaningful testimonial that could give it a massive boost.