Hacker News | lyvxh's comments

WebAuthn (or the new iOS "Passkeys" feature which is based on WebAuthn under the hood) does this.


Unfortunately this tech requires special HW. It would be nice if I could just upload a key pair into a browser, name it, lock it with some password, and easily manage which key pair authorizes what accounts, create subkeys locally for access to a specific limited list of accounts while traveling, etc. It would be a massive improvement over status quo and would pretty much end credential stuffing for once, but no. You have to buy expensive shit that gets lost easily or broken, that you can't back up online and recover in the instant you need it.

I just refuse to be forced into someone's idiotic security requirements that completely forego any other considerations a user may have, other than this stupidly absolute focus on security.

Every time I imagine this glorious new world of webauthn replacing everything... it's just not appealing. I lose the HW key, so I need to buy a new one. I can do it online, except I can't because I need the lost HW key to confirm the card payment or log in to my bank account and initiate a transfer. I have to go buy it at some physical shop or pay on delivery. Most don't carry it. Now this happens on a vacation, where it's generally easier to lose things, and generally impossible to buy things like HW security keys.

It would be possible to have a SW based solution, by emulating the USB FIDO interface, or whatever, but I really don't want to get locked into a solution where there's a constant threat that some services will just start requiring HW key attestation.

So, no. Security is important to me, but so is reasonably doable disaster recovery not requiring anything more than an internet connected computer and things I can remember.

