sadly u2f only works with chrome. i use thunderbird for my gmail, and occasionally firefox for webmail. dislike chrome passionately.
It's dismal how glacial the progress has been with U2F - which reflects, in my opinion, the lack of sanctions against the website owners. Where they do offer 2FA, it's often on the basis of smartphone authentication which is terrible for privacy. U2F is relatively good from a privacy point of view (and as a cheap dongle), because it allows identity-per-site (which of course the site owners don't like because they want to back-end monetise you). That combined with no adequate liability means that they are not incentivised to offer U2F support. Here's a summary from 2 years ago, not a lot has changed. https://www.wilderssecurity.com/thr...on-first-look-with-google-and-yubikey.369913/
