You can get pretty good identity approximation with an offline HW device (trezor or such) which only you know pin of. To get hacked, you would need an attacker to take your device and force you to disclose pin, i.e. totally control you - for such an extreme case, definitely a third-party confirmation would be best.

In all other cases, HW auth is a quicker and more secure (no human involved making social engineering impossible) method.