An authenticator app can be cloned or accessed by a third party. A key is a physical device you have to plug into the device (or tap) to authenticate. So it would be much harder for someone in another continent to access your accounts without physical access to the key. But it's all moot if there's a backup way to get in.