If it isn't backed up it doesn't exist.

Corollary (likely unpopular I'd hazard) - hardware token implementations that I can't back up to paper don't exist as far as I'm concerned.

My policy is to enroll multiple WebAuthn keys and treat the second, third etc. key as the backup.

I stopped using webauthn for this reason, plus the fact requires a ton of intrusive browser features and access. This surely will enrage most readers, which itself reveals an interesting conditioning that has taken place.