Log in to your Salesforce account as an administrator, click on the cog icon, then click on the button "Open Advanced Setup" (example below);

In the left-hand column, scroll down to the section "SETTINGS", then expand the section "Identity", then click on the sub-section "Identity Verification", then tick the option "Let users verify their identity with a physical security key (U2F or WebAuthn)";


To allow users to verify using FIDO2 keys, ensure that this option is ticked;


You will also want to enforce MFA during user login.

If this is desired, then scroll down to the section "Multi-Factor Authentication (MFA)", then tick the option "Require multi-factor authentication (MFA) for all direct UI logins to your Salesforce org";


Once this option has been selected, scroll to the end of this list then click , and the settings will be updated;


Next, under your user icon click on the settings link (example below);


Then in the left-hand column, in the "My Personal information" section, click on the link "Advanced User Details";


In the centre of the screen there is now a section headed "Advanced User Details";


Scroll down this section until you find the setting "Security Key (U2F or WebAuthn)", then click on the "Register" link;

You will now be asked to verify your identity;

Obtain an OTP code from your authentication app (or programmable token), enter it into the requested field, then click ;

You are now ready to register a FIDO2 key with Salesforce, and will be presented with the following screen, click ;

When asked where to save this passkey, select the option "Security Key", then click ;

You are now notified that access to Google will be prepared with your FIDO2 security key - click  to proceed to the next step;

Next you are asked for permission for the site to access your FIDO2 key, insert the key into an available USB port then click ;

At this point you will be asked to provide the PIN code that protects your FIDO2 key;

Enter the PIN code for your key then click , and you will be asked to touch the button on your key (if your model has a fingerprint reader you may be asked to provide a finger swipe instead);

Provided you press the button on the FIDO2 key in the allowed time, the passkey details will be stored on your FIDO2 key, and you will be presented with the following confirmation;

Click "OK", and the FIDO2 key will be registered with Salesforce as soon as you verify the key.

To verify the key first click on the button; 

Once again you need to select your security key (click on "Security key", then click );

Enter the PIN on your key, then click ;

Touch the security key;

And your FIDO2 key will be registered with Salesforce.
