U2F allows you to secure your account with hardware tokens, such as Yubikeys.
Cloudflare does support "soft 2FA", which is two-factor authentication using apps, which is good, but could be vulnerable if a remote hacker gets hold of your 2FA secret by, for instance, compromising your password manager.
If you are keeping it only in the app but lose or break your phone, you will have to go through a verification process to regain access to your account. This process is, itself, a huge target for hackers.
For protecting domains that are important to your business - and, indeed, protecting your Cloudflare settings - nothing beats having two hardware tokens associated with your account, each located in a separate, secure location. They are inexpensive, do not need to be recharged, are almost impossible to break, are easily hidden and, if you lose one, you can use the other until your replacement arrives.