Someone made a bookmarklet to disable it: https://github.com/kfahy/slack-disable-wysiwyg-bookmarklet

Google did suddenly start supporting U2F in Firefox a few months ago!

Somehow doesn't work for me :-(

U2F is by default disabled in Firefox. You have to turn it on before using your Yubico (or other FIDO) key for a service being accessed though Firefox. It’s easy to enable. See https://www.trishtech.com/2018/07/enable-fido-u2f-security-k...

Did that some time ago already, doesn't work for me, I can't log in with my Yubikey, which at the same time works from Chrome.

Oh sorry it wasn't something simple. I just enabled it on my laptop yesterday and it worked (Firefox 62.0.2 running on MacOS 10.14).

At first I thought that I hadn't enabled right. After checking the setting again, I found the problem--I had plugged the Yubico Key in upside-down.

Unlimited! Except for passwordless credentials, which do consume storage space aboard the device. But second factor (U2F style) credentials are stored encrypted on the server, so there's unlimited "space" for them.

If the server allows it, sure.

That won't work for U2F or FIDO2, unfortunately, since the master key is not configurable. You need to enroll both keys with each new service, sadly.

For U2F you're right that it becomes single factor if you use the device as the only factor. With FIDO2 (which is what makes passwordless available), however, the device supports a local PIN as the "something you know" factor - and it's also a better kind of knowledge factor than a traditional password since it's never sent over the network.

It's a hardware token that supports a local PIN as a second factor.

My friend lost his YubiKey and found it embedded in his gravel driveway six months later. Still worked like nothing had happened.

And even then, the token would lock itself down after too many incorrect PIN attemtpts.

NEO also does OpenPGP over NFC on Android. iOS only recently started opening up NFC to non-Apple developers.