Security keys like the one made by Yubikey give you a way to log into a website by merely plugging it in and pressing a button. You don't even need to type in your password anymore, much less generate a one-time code. While the method has its weakness, considering it relies on a physical item you can lose, it's considered safer than two-factor authentication, especially the type that sends you codes via SMS. Hackers could intercept messages sent to your device, after all, and gain entry to your account that way.
Unfortunately, Universal 2nd Factor (U2F) – that's what you call the type of multi-factor authentication that uses physical keys – support is pretty limited at the moment. You can already depend on it for protection on Chrome, but you'd have to manually activate it on Firefox by going to "about:config" first. Microsoft won't be rolling out U2F compatibility for Edgeuntil later this year, and Apple has yet to reveal whether Safari will ever support the standard. Further, only a few websites and services can use it, including Facebook and password managers such as Keepass and LastPass. It remains to be seen if Google's positive experience with the standard can help it become more widespread, but it's the kind of meaningful testimonial that could give it a massive boost.