U2F works too, and it even hides the details about which sites you have registered in from everybody but each individual site owner - you can't identify the individual token of know if your users have registered elsewhere or not even if you compare account details. They use unique keypairs for every site.
As far as I get it (I haven't read much about U2F), U2F is generally perceived - and advertised - as a second factor, not the primary credential like a password.
On the other side, client certificates (be it TLS with X.509 or whatever) are generally considered as password replacements.
I mean, I suppose many don't want a password - just click an identity with autonomous credentials that don't depend on any third party, optionally do the confirmation ritual (hardware button, PIN entry) - and get recognized.
