by nickray 2871 days ago
Yes, the vast majority of users just worry about losing or breaking their U2F token. Such a user just wants to be able to log in and replace credentials. The proposed solution, which I find surprisingly elegant, offers ease of use compared to the usual two-token setup: it avoids registering a second token everywhere (and possibly gives the invalidation of the lost key at first login). Compared to the usual TOTP fallback, it keeps the phishing protection.

Thanks. What do you mean by "possibly" though?

> and possibly the invalidation of the lost key at first login

Do you mean that some service might disregard the counter value (the fact that Google and Github respect it doesn't mean everyone does the same), or something else?

Yes :) Personally, I would just start replacing credentials upon loss in descending order of importance.
Yeah sure, I mentioned in the article that the purpose of the backup is to enroll a new token and revoke the old one. It would be a bad idea to keep using the backup for a long time anyway.
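The "invalidation at first login" the thread talks about only happens if the service enforces the U2F signature counter. The following is an added illustration written for this page (not code from the article or any commenter) of that server-side check; it assumes the backup token presents the same key handle as the lost token and signs with a counter higher than anything the lost token has reached, and it omits signature verification to focus on the counter logic.

```python
# Constructed model of the server-side U2F sign-counter check.
# Assumption: the backup token shares the lost token's key handle and starts
# its counter far above the lost token's value, so once the backup has been
# used a counter-enforcing service rejects the lost token automatically.
# Signature verification is omitted; only the counter handling is modelled.

class CounterRegression(Exception):
    """Assertion counter was not strictly greater than the stored one."""


class U2FService:
    def __init__(self, enforce_counter=True):
        # Services that ignore the counter (enforce_counter=False) keep
        # accepting a lost token; this is the "possibly" in the thread.
        self.enforce_counter = enforce_counter
        self.counters = {}  # key_handle -> last accepted counter

    def register(self, key_handle, initial_counter=0):
        self.counters[key_handle] = initial_counter

    def authenticate(self, key_handle, counter):
        last = self.counters[key_handle]
        if self.enforce_counter and counter <= last:
            # Counter went backwards or repeated: a cloned or stale token.
            raise CounterRegression(f"{counter} <= {last} for {key_handle}")
        self.counters[key_handle] = max(last, counter)
        return True


def lost_token_still_accepted(enforce_counter):
    """Simulate losing the primary token and logging in with the backup.

    Returns True if the lost token is still accepted afterwards."""
    svc = U2FService(enforce_counter)
    handle = "kh-example"  # constructed key handle shared by both tokens
    svc.register(handle)
    for c in (1, 2, 3):          # normal use of the primary token
        svc.authenticate(handle, c)
    backup_counter = 1_000_000   # assumption: backup starts far ahead
    svc.authenticate(handle, backup_counter)
    try:
        svc.authenticate(handle, 4)  # the lost token's next counter value
        return True
    except CounterRegression:
        return False


if __name__ == "__main__":
    print("counter enforced:", lost_token_still_accepted(True))   # False
    print("counter ignored: ", lost_token_still_accepted(False))  # True
```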