[xur17]

> But yeah it's a UX problem that hopefully will find a better/non-hacky solution than "register multiple keys for each site".

This seems like a huge blocker for adoption. I currently run into this issue with FIDO for 2fa - I store my backup key offsite, which means enrolling the second device requires me to make a special trip to retrieve the device. My current approach is to retrieve the backup token every few months and add it to all of the new services I have enrolled in, but I don't have a good system for remembering all of these services, so I inevitably forget one (despite only using the key on a few services)...

[tialaramex]

Write the services down. You don't need to keep the fact that you have FIDO tokens secret unless you're keeping them somewhere otherwise unsafe like under a rock in your garden. So a list titled "Services I've enabled for FIDO" with check columns for the tokens gets it done.

[xur17]

That's my current approach, but I'm not as disciplined about writing them down as I should be.