
I can't find a source, but my recollection is that Google developed U2F because autofill didn't work reliably enough, so many users would just paste the password manually anyway.



It doesn't matter whether the technology "works reliably enough"; it matters whether the _user_ reliably won't sidestep security by pasting their password into the phishing site. And that's something we knew the answer to decades ago: No.

Humans are bad at giving up. If there seems to be a way forward for the original plan, they will press on, regardless of all indications that this is now a bad idea. In fact, Google had a security override in Chrome for years that was literally typing the sequence "badidea", in recognition of this. It's not specific to computer security; it happens in incident management. There's a seminal example from years back where a train breaks down, and the incident manager sees that step 1 of the response is to send a recovery train to the location. Literally _hours_ later, with passengers stranded and desperate, that manager was still wrestling with how to get the recovery train to the location so they could proceed to step 2, rather than realising that problems with the recovery train meant they needed to _abandon the entire plan and re-assess_, because humans are not good at that.



