If I was doing something that needed heavy security, but I'm just a boring average joe. My critical accounts are protected by TOTP on one (backed up) device only, other things are kind of "good enough" with passkeys and passwords. If I ever become a criminal mastermind or double agent I'll probably dive into such methods though.