May be similar issue as mine.
Yubico has pretty awful on-device password support, but for MFA it works.
With yubico you're better off thinking of per-site passphrases that you keep in memory in addition to their one-click password entry, so it gets memory heavy.
My main thing is my paaword manager is protected by 2fa...maybe not 100%secure granted, but I am not a state level actor and have no major money/property to steal. That's probably why I have no similar issues.
Out of left field, but take a look at Trezor.
They specialize in cryptocurrency hardwallets, but by extension, they also offer password/2fa functionality on their devices.
No biometrics* that I'm aware of, but PIN protection is mandatory.
So as I see it, there is no jack of all trades here, no device supporting modern encryption standards, having biometrics and NFC support and is best case made in Germany, at the moment. 🤓
I went for a YubiKey last night, I am sure it is good enough. 😅
And thanks again for your suggestions.