Remember there is a trade-off with password ease-of-memorization vs. strength? We have a trade-off with physical tokens, too:
As such, an alternative to using hardware tokens (= 'hard tokens') is using software tokens (= 'soft tokens'), which are phone applications that perform the same exact actions as hard token (but can be conveniently downloaded from the app store!)
Examples of soft tokens: the soft token version of RSA SecureID (links: Google Play Store | Apple App Store), the Google Authenticator app (links: Google Play Store | Apple App Store), and the Microsoft Authenticator app (which you can use to log into your College Outlook email account!) (links: Google Play Store | Apple App Store)