> The reason SMS 2FA is popular is because the average use case is that the user's (reused and/or weak) password was captured somewhere...
People are not disputing the effectiveness of 2FA. They're saying that SMS is not a reasonable way to implement 2FA.
All my banks' websites in Europe (I've got several) are requiring the use of a physical device, provided by the bank, and protected by a PIN. I need to use such devices both to log in and to confirm wire transfer / stock buys / etc.
U2F keys like Yubikeys and physical 2FA devices like those provided by my banks are way better than SMS 2FA. Why not strive towards that instead of saying that SMS 2FA is popular for reasons and that nothing can be done about it?
Physical 2FA devices impose a significant price burden on folks who don't have a lot of disposable income. Imagine scraping by to pay rent from your minimum wage job, and you're told that you can't sign up for $SERVICE because you don't have a new enough phone or a yubikey.
Email 2FA works just fine. Set a long, secure password for your email account. Trust that your email provider won't allow anyone to brute force their way into the account. Don't use that email for any other accounts. Bam, security is fine.
Stop trying to force more and more purchases and apps down other people's throats. Maybe I don't have a smartphone or a yubikey. I should still be able to use services, especially when many of them are required to function in society today.
The parent did refer to banks giving them to people. I just got a USB one in a swag bag at an event from Google so I guess they're pretty inexpensive these days. But I don't disagree with the basic point. Most everyone has a phone and won't carry around a separate hardware device in general irrespective of price.
Yeah, of course I won't do that because I might lose that device and it takes space, times the number of banks giving me their own hardware.
I keep my hardware key generator at home. I need it only to perform some operations from my computer. Everything I do outside home is with the phone, which funnily is its own 2FA device. Banks and regulators accept that for the sake of convenience.