They mention "FIDO® Certified* security keys", this presumably means physical keys only, and not soft keys like the ones that keepassxc/bitwarden provides? If so that might be too much of a hassle for me. I care about my security, but I don't care enough to drop $100 on 3 separate security keys, and finding 3 separate places to keep them secure.
But yes I wish you could use one hardware key as backup and one software key for day-to-day usage, or at least the security key in a trusted device (up to you to have a circular dependency to your main device or not).
At least on for icloud sign ins (not sure about password resets, too lazy to check), clicking "allow" doesn't allow the sign in, it only displays a 6 digit code that you have to enter to log in.
How hard is it to just type a code really. In the end to fight against push bombing you end up with push notification that ask you for a code anyway.