[guitarbill]

you don't necessarily need two security keys. written down backup codes or an authenticator app are also good second factors.

[borplk]

If you can just fall back to authenticator app by saying "oops don't have yubikey now" then you get no extra security for using a yubikey.

[tialaramex]

You may consider that the authenticator offers enough security but a Security Key is more convenient. I hate typing 6-digit codes into things, touching the little contact or pressing the button on my Security Keys is much more tolerable.

Now, personally I wouldn't want the phishable Authenticator as fallback, but it's definitely better than SMS for example.