I’m pretty sure upgrading to 16.0.3 from 15.0.10 on the production channel would be stupid before the Two Factor Yubikey app is updated for version 16.
I do see some information in the four month old changelog of the yubikey github saying that it was ready for 15, 16, and 17, so maybe it is safe?
From my experience I cannot recommend using Two Factor Yubikey. In my Nextcloud installation I cannot remove 2FA via Yubikey and therefore locked myself out.
I finally bit the bullet when 16.0.4 showed up on the production branch. I made sure I had alternate 2FA methods before I setup the Two Factor Yubikey in the first place. So, I figured I was pretty safe between Two-Factor U2F, Two-Factor TOTP Provider (which I setup using Yubico Authenticator), and the backup codes which are stored in my Password Safe database. I did not want to be locked out if I lost the Yubikey or the U2F security key, or both. They tend to be on the same keyring.
Two Factor Yubikey, version 0.4.1, appears to work just fine on 16.0.4 in recent Chrome and Firefox from my Ubuntu 18 workstation.