Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes. Security Keys are inexpensive USB-based devices that offer an alternative approach to two-factor authentication (2FA), which requires the user to log in to a Web site using something they know (the password) and something they have (e.g., a mobile device).
A Security Key implements a form of multi-factor authentication known as Universal 2nd Factor (U2F), which allows the user to complete the login process simply by inserting the USB device and pressing a button on the device. The key works without the need for any special software drivers.
These simple, battery-free devices provide an easy way to securely verify that it’s really you who’s trying to access your online accounts.
There are various types of YubiKeys available – choose wisely – especially the Communications Support [USB-A or USB-C connections].
You may like to see what others think – https://www.google.com.au/search?q=YUBIKEY+NEO+vs+YUBIKEY+4
These instructions will show you how to configure your YubiKeys to protect your KeePass 2.x database.