[tptacek]

The entire security model depends on the devices being uncloneable.

[noja]

But my security model does not allow putting myself in a position where I am stranded without my second factor (or doing huge amounts of work re-registering everything).

[tptacek]

That's why you set up backup factors.

It is for the same reason that services like Google Mail won't let you set up a U2F token without a backup factor.