Replying to Ava

Everything depends on your threat model. In short, yes...it will greatly enhance your security...especially from remote attacks.

YubiKeys are not perfect, they're just tools and must be used in conjunction with good InfoSec practices. I highly recommend the ones from the 5 series.

If someone has physical access to your device it is almost certain they will be able to hack it given enough time and money. All we can really do is make it harder...take more time, cost more money.

In response to the subpoena topic, if you can remember your password, chances are it's easier to hack and you are not creating unique, hard-to-crack passwords for all of your accounts.

YubiKey can be used with password managers like Bitwarden and KeePass to add another layer of security.

One setup could look like this:

Bitwarden 2-step auth with YubiKey, or KeePass with OTP challenge-response enabled on the YubiKey.

Aegis (Android) or Raivo OTP (iOS) can be installed on a separate device (only used for mission critical accounts) with its recovery code secured in Bitwarden or KeePass + YubiKey.

...or you can print out the QR code and delete it from your device, or store it offline on an encrypted USB device and only use it when necessary behind a VPN through a SOCKS proxy over Tor, etc.

One of the YubiKey's (hardware key's) main advantages is that it protects against man-in-the-middle attacks. It's also a phishing-resistant MFA that makes it more difficult to remotely hack, since it requires physical touch.

Hardware keys can also be used to add another layer of security on mobile via USB-C (better) or NFC if no port is available.

On the topic of backup methods for recovering an account if the YubiKey is lost or not present: as the OP said, many services (not Google) allow for other backup authentication methods.

I submit that this does not invalidate the usefulness of a hardware key.

YubiKey adoption is gaining more traction. The idea is to be mindful of which backup authentication you enable once you set up your YubiKey and make sure you have a min of 3 YubiKey backups.

Depending on your threat model, this could be one that stays plugged in to your laptop, one on a keychain, and one in an offsite location. Again, if someone has physical access to your device, it's just a matter of time and money.

Where it is available, opt for a random recovery phrase as a backup authentication method for mission critical accounts; don't use SMS. Store it in a password manager (online or offline) and set up YubiKey 2-step authentication on the PW manager.

If an authenticator app must be used (depending on your threat model), secure it with a pass on a separate device from your main device, accessed offline.

Without knowing your specific situation, I can tell you that compartmentalizing your security in ways that don't automatically talk to each other is the goal. An offline hardware key significantly helps perform this function.

TL;DR: Yes, they are absolutely worth it, I would say essential, but they are not perfect. They must be used with purpose and in addition to good InfoSec practices. You are better off using a physical hardware key than other 2FA options alone or no 2FA at all.

There's a Yubico quiz to help you choose the right one: https://www.yubico.com/quiz/

P.S. Nitrokey's firmware is open-source and is updatable on most new models, unlike the YubiKey.

Sorry for the long reply, but hope this helps 🤙🏻💜
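The reply above says a hardware key is "phishing-resistant" and "protects against man in the middle attacks" because the touch-to-sign step is bound to the site you are actually on. The following is an added, constructed example (not from the post, not Yubico's or any vendor's code) that models that origin-bound challenge-response in the style of FIDO2/WebAuthn. To stay standard-library only it uses HMAC-SHA256 as a stand-in for the authenticator's per-site key pair; the `ToyAuthenticator` and `RelyingParty` classes, the relying-party ID `example.com` and the look-alike origin are all assumptions made for the demonstration. It shows why a credential minted for one site yields nothing usable when the browser reports a different origin, and why a captured assertion cannot be replayed.

```python
"""
Toy model of origin-bound challenge-response (FIDO2/WebAuthn style).
Constructed example: HMAC-SHA256 stands in for the authenticator's
asymmetric key pair so the script runs with the standard library only.
"""
import hashlib
import hmac
import json
import secrets


class ToyAuthenticator:
    """Stand-in for a hardware key: one secret per relying-party ID, never leaves the device."""

    def __init__(self):
        self._credentials = {}  # rp_id -> secret bytes (assumed per-site credential)

    def register(self, rp_id: str) -> bytes:
        secret = secrets.token_bytes(32)
        self._credentials[rp_id] = secret
        # Simplification: a real key exports only a public key; here the RP
        # receives a verification copy of the HMAC secret.
        return secret

    def assert_login(self, rp_id: str, challenge: bytes, origin: str) -> dict:
        """Sign client data that embeds the origin the browser reports."""
        secret = self._credentials[rp_id]
        client_data = json.dumps(
            {"challenge": challenge.hex(), "origin": origin}, sort_keys=True
        ).encode()
        signature = hmac.new(secret, client_data, hashlib.sha256).digest()
        return {"client_data": client_data, "signature": signature}


class RelyingParty:
    """The web service verifying a login assertion."""

    def __init__(self, rp_id: str, expected_origin: str):
        self.rp_id = rp_id
        self.expected_origin = expected_origin
        self.verification_keys = {}  # user -> verification key
        self.pending = set()  # challenges issued but not yet consumed

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)
        self.pending.add(challenge)
        return challenge

    def verify(self, user: str, assertion: dict) -> bool:
        data = json.loads(assertion["client_data"])
        challenge = bytes.fromhex(data["challenge"])
        if challenge not in self.pending:
            return False  # unknown or already used challenge: blocks replay
        if data["origin"] != self.expected_origin:
            return False  # origin mismatch: the phishing-resistance check
        key = self.verification_keys[user]
        expected = hmac.new(key, assertion["client_data"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, assertion["signature"]):
            return False  # signature does not match the registered credential
        self.pending.discard(challenge)  # single use
        return True


def demo() -> tuple:
    """Returns (legit_ok, lookalike_origin_ok, replay_ok)."""
    rp = RelyingParty("example.com", "https://example.com")
    key = ToyAuthenticator()
    rp.verification_keys["ava"] = key.register(rp.rp_id)

    # 1. Legitimate login from the real origin.
    c1 = rp.new_challenge()
    legit = key.assert_login(rp.rp_id, c1, "https://example.com")
    legit_ok = rp.verify("ava", legit)

    # 2. Same user, same key, but the browser is on a look-alike origin
    #    (constructed name). The signed client data carries that origin,
    #    so the RP rejects it even though the challenge is genuine.
    c2 = rp.new_challenge()
    lookalike = key.assert_login(rp.rp_id, c2, "https://example.com.login-lookalike.test")
    lookalike_ok = rp.verify("ava", lookalike)

    # 3. Replaying the earlier valid assertion fails: its challenge was consumed.
    replay_ok = rp.verify("ava", legit)

    return legit_ok, lookalike_ok, replay_ok


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The point to take from the three results is that the protection comes from what gets signed, not from the secret being hard to steal: the origin is inside the signed data and the challenge is single-use, so the server can reject a genuine signature produced in the wrong context. A real authenticator adds a further check this toy omits, refusing to use a credential at all when the relying-party ID does not match the origin's domain.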

This is an excellent answer. Thank you for the in-depth reply.

♥️♥️♥️
