I went ahead and paid the 10 bucks for a subscription and was able to get everything setup with a FIDO U2F YubiKey in under 10 minutes. The 1PIF import was flawless.
The only complaint I have is it appears the FIDO support is limited in Firefox, but I believe that's a Firefox issue based on what I've seen in other applications.
Every site I've tried with U2F in Firefox works great (after enabling it in about:config on FF54)...as long as I spoof the UserAgent to say that it's Chrome.
Firefox acquired a proper native implementation in 57 and 58, enabled via security.webauth.u2f and security.webauth.webauthn in about:config; I think it might be enabled by default from 58 onwards. See https://bugzilla.mozilla.org/show_bug.cgi?id=1065729.
The trouble with support for this across services is that Chrome implemented the u2f API in an utterly ridiculous way (via an extension, and you have to hardcode the extension ID and use weird APIs to access it), and then provided as the basis for other services to support it (in a supposedly-compatible way) u2f.js, extracted from a demo. And it is terrible code, clobbering the u2f global in its very first line in a way that indicates that the writer didn’t understand how globals work in JavaScript (`var u2f = window.u2f || {};`, in the global scope), and making IE give weird prompts about chrome-extension: links in an app. At FastMail we made it behave properly, but basically anyone that wants it to work properly will have to go out of their way to figure it out, because the state of documentation of all of this stuff is appalling, and the generally extant code is only slowly getting better. (We got the `u2f-api` node package fixed up, so anything that uses its latest version should work in Firefox.)
The only complaint I have is it appears the FIDO support is limited in Firefox, but I believe that's a Firefox issue based on what I've seen in other applications.