Banks and insurance companies have figured out that some things must stay old school because people rely on them too much.
FIDO Alliance wants to make everyday things easy, but they don't think through all scenarios that happen when people really start to rely on smartphones and keep everything there and in the cloud tied to their IDs.
Any widely used scheme should have recovery options that are easy to set up and don't need careful planning, because people don't do that.
For example, if you travel abroad alone and lose your iPhone, you lose the SIM (with phone number) you need to recover.
Most services offer a ‘recovery code’ in case the MFA device is lost/damaged/stolen.
The only caveat is that the recovery codes are single use and exist such that you can turn off MFA in a settings dashboard, then set up 2FA again. It gives you a temporary window to fix things. Log out accidentally? Tough, you can’t use your recovery code again, unless the service offers multiple codes.