U2F is great, except it's beyond useless for sites like Steemit.
It would have to be used as nothing more than a part of 2FA, since your password on Steemit is actually used to generate the private keys, i.e. posting, active, memo, owner.
For U2F to work, Steemit would have to be holding your private keys, in plain text. U2F works by sending the Yubikey public key to the server. The server sends some text to the key to sign, and then when the Yubikey sends it back to the server signed, the server knows that the Yubikey is legitimate.
Perhaps it needs to be a customized device then. In principle all that is required is that the device signs the transactions without exposing the private key.
Yeah, something like a TREZOR or KeepKey could probably be adapted to storing STEEM keys.
Alternatively, I believe you could get a normal Yubikey and write your long password to the memory bank, so when you push the button, it enters your master password.
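The sign-a-challenge exchange described earlier in the thread, as an added example that is not part of any comment above: a simplified U2F-style flow using Node's built-in `crypto`, not the real U2F wire format. The names `makeDevice`, `makeServer`, `demo` and the `example.test` origins are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

// Bytes that get signed: SHA-256(appId) || 32-bit counter || server challenge.
function signedData(appId, counter, challenge) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  const appHash = crypto.createHash('sha256').update(appId).digest();
  return Buffer.concat([appHash, ctr, challenge]);
}

// "Device" side: the private key stays inside this closure.
function makeDevice() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  let counter = 0;
  return {
    publicKey, // handed to the server once, at registration
    sign(appId, challenge) {
      counter += 1;
      const data = signedData(appId, counter, challenge);
      return { counter, signature: crypto.sign('sha256', data, privateKey) };
    },
  };
}

// "Server" side: stores only the public key and the last counter seen.
function makeServer(appId, publicKey) {
  let lastCounter = 0;
  let pending = null;
  return {
    newChallenge() { pending = crypto.randomBytes(32); return pending; },
    verify({ counter, signature }) {
      if (!pending || counter <= lastCounter) return false; // stale counter
      const data = signedData(appId, counter, pending);
      const ok = crypto.verify('sha256', data, publicKey, signature);
      pending = null; // each challenge is single-use
      if (ok) lastCounter = counter;
      return ok;
    },
  };
}

// Constructed scenario: a valid login, a replayed response, a wrong-origin response.
function demo() {
  const device = makeDevice();
  const server = makeServer('https://example.test', device.publicKey);
  const first = device.sign('https://example.test', server.newChallenge());
  const accepted = server.verify(first);
  server.newChallenge();
  const replayRejected = !server.verify(first);
  const other = device.sign('https://other.example.test', server.newChallenge());
  return { accepted, replayRejected, wrongOriginRejected: !server.verify(other) };
}
```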