by follie 86 days ago
How else would you recover from a device failure?
2 comments

You enroll another hardware device (or 2) as a backup and securely store them in different places.

This is normal to do for YubiKeys, for example.

The main point is that the secrets stored on the device are usually used to unlock other secrets stored elsewhere, and so themselves don't need to be synchronized often.

You don't. The normal procedure here is to have multiple unique keys with multiple unique secrets. If one breaks, that's it, it's broken. This also allows you to revoke a key without removing all keys.
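
The arrangement both replies describe, sketched as an added example that is not part of the original thread: each enrolled device has its own secret and wraps the same master key in its own slot, so nothing is synchronized between devices and one slot can be revoked alone. The device secrets are constructed stand-ins for whatever a hardware token would return, and the HMAC-based wrap is a standard-library substitute for a real key-wrap primitive; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

def _subkey(device_secret: bytes, salt: bytes, label: bytes) -> bytes:
    # Per-slot subkey; the random salt makes every slot's keys unique.
    return hmac.new(device_secret, salt + label, hashlib.sha256).digest()

def wrap(master_key: bytes, device_secret: bytes) -> dict:
    """Build one slot: the 32-byte master key wrapped under one device's secret."""
    if len(master_key) != 32:
        raise ValueError("master key must be 32 bytes")
    salt = secrets.token_bytes(16)
    pad = _subkey(device_secret, salt, b"enc")
    ct = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(_subkey(device_secret, salt, b"mac"), ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap(slot: dict, device_secret: bytes):
    """Return the master key, or None if this device does not match the slot."""
    mac_key = _subkey(device_secret, slot["salt"], b"mac")
    expected = hmac.new(mac_key, slot["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    pad = _subkey(device_secret, slot["salt"], b"enc")
    return bytes(a ^ b for a, b in zip(slot["ct"], pad))

def unlock(slots: dict, device_secret: bytes):
    """Try every enrolled slot; return (slot_name, master_key) or None."""
    for name, slot in slots.items():
        key = unwrap(slot, device_secret)
        if key is not None:
            return name, key
    return None

def demo() -> dict:
    master = secrets.token_bytes(32)
    # Constructed stand-ins for three tokens, each with its own secret.
    devices = {n: secrets.token_bytes(32) for n in ("daily", "safe", "offsite")}
    slots = {n: wrap(master, s) for n, s in devices.items()}
    del slots["daily"]  # daily token broke or was lost: revoke only its slot
    return {
        "backup_unlocks": unlock(slots, devices["safe"]) == ("safe", master),
        "revoked_unlocks": unlock(slots, devices["daily"]) is not None,
    }

if __name__ == "__main__":
    print(demo())
```

Deleting a slot only stops that device from unlocking in the future; if a lost device may already have been used to recover the master key, the master key itself has to be rotated and re-wrapped for the remaining devices.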