Trying Out Web Authentication (WebAuthn)
WebAuthn provides two-factor authentication built on public-key cryptography -- and unlike codes via smartphone apps or text messages, it's immune to phishing as we know it today.
Trying it out
You can also try out https://webauthn.io/, which is written by some engineers at Duo.
Finally, Google has https://webauthndemo.appspot.com/, but I think it's not yet up-to-date with the current state of the specification as of this publish date.
Caution about jsfiddle, etc
Web Authentication is a powerful feature, as such it can only be used in Secure Contexts, and if used in a frame, only when all of the frames are from the same origin as the parent document. This means that you are likely to encounter security errors when experimenting with it on some popular testing websites (such as jsfiddle.net).