
My suggestion for a regular person is to not deal with Yubikeys. The risk of me somehow shooting myself in the foot trying to use them is much higher than the risk of getting hacked. My most important thing by far is my bank account, which has 2FA via the Chase app on my phone. Doesn't even support Yubikeys. A few other things are like this.

That's good enough for my personal life. I only use a key at work, where they manage all that for us.



If you travel overseas a Yubikey (or equivalent) is apparently a good way of escaping the account lockouts that Google applies when it detects suspicious behaviour. While TOTPs and regular passwords can travel a continent in a few milliseconds, a hardware key cannot, so anyone using it overseas is much more likely to be you.

I've yet to test this but adding a hardware key is the advice I've found online around this particular issue.

(Yes, I also have my own domain in the case I get fully locked out, I am paranoid)



