It seems like if you are on Linux (no Windows Hello or apple Face ID/ touch ID), then your only option for WebAuthn is to buy a Yubikey. Some people (including me) don't want a usb key. I'd much rather use TOTP or to verify using an existing verified device (like how Signal or Matrix does it)

There is a huge number of other vendors supporting Webauthn apart from Yubikey. (From the top of my head Nitrokey, Solo, Tomu, Mooltipass, Ledger, Trezor, Google Titan, OnlyKey, Token2).

You could also use the system TPM (https://github.com/psanford/tpm-fido).

A brief search didn't yield any FIDO2 software-only solutions for Linux, but I see no reason why in principle you couldn't implement it (perhaps interfacing https://github.com/google/OpenSK through hidg - similar projects do exist for U2F).