Re: But...
h/ware 2FA ? sorry NO, I will stick to s/ware 2FA , unless you want to have a bucket full of h/ware fobs.
Even then those h/ware tokens are not password/PIN protected, (with the exception of some of them with a tiny numeric pad). As for the SMS auth, they are fine if some people wake up and put a SIM PIN instead of the 0000, also I really hate some services (eg. Post Office) that sent them as Flash SMS!!