The UX I'd say is following dark patterns for this.
You cannot enable U2F without first enabling SMS Auth and or OTP Auth. Once u2f enabled if you delete both SMS Auth and OTP auth it disables 2 factor auth and takes you to a welcome screen to get started enabling it again with the only 2 options SMS / OTP, once enabling one of them you can add U2F again.
Also I have "security.webauth.u2f" enabled in Firefox but Facebook is the only U2F service I use that doesn't work in Firefox so it falls back to the SMS / OTP methods on login.
> Also I have "security.webauth.u2f" enabled in Firefox but Facebook is the only U2F service I use that doesn't work in Firefox so it falls back to the SMS / OTP methods on login.
I noticed this as well. I was able to add my security key via Firefox, but for some reason Facebook decided that you need Chrome to use U2F when logging in.
You cannot enable U2F without first enabling SMS Auth and or OTP Auth. Once u2f enabled if you delete both SMS Auth and OTP auth it disables 2 factor auth and takes you to a welcome screen to get started enabling it again with the only 2 options SMS / OTP, once enabling one of them you can add U2F again.
Also I have "security.webauth.u2f" enabled in Firefox but Facebook is the only U2F service I use that doesn't work in Firefox so it falls back to the SMS / OTP methods on login.