[Alupis]

What would be that alternative?

The point of 2FA is "something you have"... if you lose it, you no longer have it. It's designed to lock you out if lost/stolen... otherwise, what would be the point?

As an aside, 2FA keys are not what most people use... they use cell phone numbers, time-based rolling-code authentication apps, email addresses, etc. It's your choice to use a physical key, even if it might technically be the most secure of the options.

Security is always a trade off with convenience.

GP seems to not understand the point of 2FA. If you can simply call up customer support and maneuver you way back into a locked account, then so can the "bad guys". Any information they have about you can be found by a determined attacker... hence, the "something you have" approach.

[derekp7]

Ideally I'd like to be able to register my physical token with the manufacturer and have them send me a replacement based on sufficient identification. Things like ordering the replacement with a credit card in my name, sent to my mailing address, vouched for by a notary public, and/or anything else that I check off on the list of factors I find acceptable when I send them my registration form.

The alternative is for me to use TOTP and have the secrets printed out, lightly encrypted, and stored in a safe deposit box.

[Alupis]

In order for this plan to work, the token manufacturer would have to be able to store your secrets, which means you uploading your secrets, which defeats the purpose of physical tokens. Just use a cell phone number one-time-code or authenticator app with time-based-codes instead.