U2F is already very nice for authentication but FIDO2 allows it to be MUCH better:

1) User Verification (use a PIN to verify directly on-device instead of sending passwords to websites) 2) the ID of the resident party (rpID) is no longer sent as a hash (like the appid in U2F was), so the domain of the requesting site can be shown directly on the display instead of some hash or mnemnoic based on it 3) txAuth (websites can display text on the screen which gets signed by the device along on the request, a very useful feature especially for exchanges) 4) Resident keys (these could allow you to dop the username as well on authentication but as these need storage I doubt these could be easily done on keepkey)

especially with the large Screen the keepkey has a ton of potential for things like this.