Wow, fantastic thread!
Been hearing the stories of 2FA being phishable, but didn't realize that FIDO can take care of that.
I use the fastmail app on my phone and I wonder how "phishable" it would be using an authenticator app. I see how going through a browser would put you at risk, but does anyone know how robust the app is by chance? I assume that it's not just a simple browser wrapped app, but I'm not sure.