Other solutions are either or. There is a benefit to confirming particular actions (with the info about the action) in the app but it's unnecessarily inconvenient for mere login.
U2F isn't widely supported but I managed to secure virtually my entire high-value Internet presence with it. Google, OVH, Coinbase, and Stripe all support it. Let's be honest, for HN I wouldn't bother with any second factor. I have the password saved in the browser and that's more than enough.