That's not correct. A U2F device cryptographically signs signed challenges with a key that never leaves the device. (Yes, it signs a signed challenge. That's not a typo.) The issuer of the challenge verifies both signatures to confirm that the user possesses the device and that the issuer genuinely issued the challenge embedded in the signed response.
Unlike the OTP token you're describing, a U2F device is effectively stateless. And unlike an OTP token, its signing mechanism is resistant to phishing. Finally, a U2F device is not a HID keyboard, contrary to your other comment on this page. But it is a HID-compliant device.
Unlike the OTP token you're describing, a U2F device is effectively stateless. And unlike an OTP token, its signing mechanism is resistant to phishing. Finally, a U2F device is not a HID keyboard, contrary to your other comment on this page. But it is a HID-compliant device.