by dickeytk 2565 days ago
I’m going to use both. TOTP most of the time, U2F in a safe at home in case I break/lose my phone

> I’m going to use both. TOTP most of the time, U2F in a safe at home in case I break/lose my phone

That's backwards. TOTP is vulnerable to phishing attacks, which are the primary threat model. Far better to use U2F for daily use, and then keep a printout of the TOTP QR code in a safe at home as a backup.