Oh is that what the "anonymize this key" is? If the website requires attestation, authentication might fail, but no website should require attestation, maybe unless you explicitly got the key from them (like a bank).
Websites should absolutely be requiring attestation.
The attack scenario here is malware on your computer pretending to be a hardware authenticator (during sign-up or 2FA enrolment) but really just emulating one in software.
In this scenario bad guys are currently authenticated as you (otherwise they can't do enrolment) and can do whatever they want but, perversely, they decide what they want to do is... obtain the ability to authenticate as you later in a traceable way. I don't buy it.
If you're a James Bond villain and the plot's resolution needs to be saved for the final reel then this makes sense, you can't blow up the world 40 minutes into the story 'cos the audience knows that isn't the end. But real crooks don't want to build suspense, they're going to jump to the part where they win. Why play this long game?
The attack scenario here is malware on your computer pretending to be a hardware authenticator (during sign-up or 2FA enrolment) but really just emulating one in software.