I'm not an expert but the way I see it is this: if you're tech-savvy and use common sense, they're not necessary, as a 2FA app with TOTP along with random, strong passwords should be enough. I still use both for most things, only securing more sensitive stuff with a physical key.
However, having one definitely can't hurt, and if you're passionate about cybersec, it'd be kinda strange if you didn't have one.