Yep! Just store your backup key in a safe-deposit box with your bank.
Then go get it every time you sign up for a new account so you can make it the backup for that account
then go store it again.
and again. and again. and again.
oh no! you lost your key! time to go to the bank to get your backup, sign in to all the accounts, remove the old key, register a new backup, oh wait, got to wait for the new backup to ship, so i guess you can't do that yet. hope you don't lose your key in the meantime, anywho, time to spend a few hours painstakingly removing your lost key from all the 9 thousand sites you use.
yay! its a week to a month later, you finally got your new yubikey shipped, time to go log into to 9 thousand websites again to set it up as the backup for all of the sites.
Ok, time to take it down to the bank.
whats this? a cool new app my friend wants to show me, ok, time to go drive to the bank and get my backup key out of storage and sign up for this cool new app.
You know, this whole driving to the bank thing, its kinda inconvenient, maybe i should just store it in my closet safe.
What do you mean the gas line under my house exploded? but both my yubikeys are in there!
----
The above is fiction, and even under fiction it seems ridiculous how this would really go is even worse:
"Go get my backup key to use for this new app my friend showed me? fuck that"
.
.
"What do you mean i can't reset my password, but i lost my yubikey!"
"No, i didn't want to get up to grab my backup token when i was registering."
"Oh wait! i bet i still have the recovery codes as a pdf in my downloads folder. its a good thing no viruses ever think to look in there"
More advanced FIDO devices like the Ledger allow you to backup the initial random seed allowing you to create a duplicate device from the backup any time you wish. No sites you signed up with will know or care that you swapped devices as the new device will generate identical keys via a deterministic KDF from the seed.
You can put this seed far away and would only ever need it when you wish to replace a lost or broken authentication device.
Aside: no US major banks issue safety deposit boxes anymore other than wells fargo which will stop issuing them soon as well.
Then go get it every time you sign up for a new account so you can make it the backup for that account
then go store it again.
and again. and again. and again.
oh no! you lost your key! time to go to the bank to get your backup, sign in to all the accounts, remove the old key, register a new backup, oh wait, got to wait for the new backup to ship, so i guess you can't do that yet. hope you don't lose your key in the meantime, anywho, time to spend a few hours painstakingly removing your lost key from all the 9 thousand sites you use.
yay! its a week to a month later, you finally got your new yubikey shipped, time to go log into to 9 thousand websites again to set it up as the backup for all of the sites.
Ok, time to take it down to the bank.
whats this? a cool new app my friend wants to show me, ok, time to go drive to the bank and get my backup key out of storage and sign up for this cool new app.
You know, this whole driving to the bank thing, its kinda inconvenient, maybe i should just store it in my closet safe.
What do you mean the gas line under my house exploded? but both my yubikeys are in there!
----
The above is fiction, and even under fiction it seems ridiculous how this would really go is even worse:
"Go get my backup key to use for this new app my friend showed me? fuck that"
. .
"What do you mean i can't reset my password, but i lost my yubikey!"
"No, i didn't want to get up to grab my backup token when i was registering."
"Oh wait! i bet i still have the recovery codes as a pdf in my downloads folder. its a good thing no viruses ever think to look in there"
----