@scy U2F is only usable as a 2nd factor, as you said before. FIDO2 forces "user verification", like at least clicking the key to show you are at the machine physically (as in MFA, "own" the key), whereas U2F works without (there are U2F keys without a button).
Aside from that, the CTAP protocol is different, and so is the handling of the authenticator on the client machine. AFAIK there is more configuration the server admin can force on the client, like which authenticators are allowed.
@scy If you only use a passkey as a second factor, you should be fine with an old U2F device
(while still being phishing-proof, in comparison to all the TOTP and notification apps).