They might be a preference but I don’t see how they can be best practice when they’re barely supported on a lot of platforms - Firefox has some support (but doesn’t work with, for example, Github), no/limited support in Safari, no/limited support in mobile devices.

U2F on Firefox works well GitHub in my experience; it's Google that's the problem. Mozilla have added a shim to enable login to Google using a key but (due to spec deviance) if you want to add a key you still need to use Chrome :(.

WebAuthn (previously U2F) is just now gaining that support and momentum, with support both in Firefox and Android

Oh for sure, and if Safari (including iOS) gets support we'll be golden across the board [1] whereas U2F was until recently pretty much Chrome-only [2]. It just can't happen soon enough!

1: https://caniuse.com/#feat=webauthn 2: https://caniuse.com/#feat=u2f