Security Keys like YubiKeys are not a gimmick. They are meant to increase security by replacing less secure methods of 2FA.
The current process at Dropbox forces me to have an SMS key or Authenticator app to use 2FA. Even when I add security keys, SMS/Authenticator cannot be removed. Therefore I cannot replace the less secure method with security keys. Subsequently, security is not improved, or is even reduced, by allowing more methods.
The suggestion is to allow only, e.g., two security keys and disable all other 2FA methods. This ties the account to physical tokens and makes exploitation of access impossible.