In early 2017, Google required security keys for all 85,000 of their employees. Since then, the number of exploited accounts is zero.
Yubico has keys that are FIPS 140-2 validated and made in the USA. Google also has their own Titan Keys coming out. Just search FIDO U2F on Amazon for tons of options. Roll them out starting with your executives and administrators today.
Read more about it here: https://support.google.com/a/answer/9022736?hl=en