@cakeisnotalie @shortridge
i understand your concern. haven't thought from that angle, thanks for sharing.. however i do think your points get worse for other MFA types, no? maybe backup keys would be sufficient next to the password. or backup webauthn private key in the backup password manage..

still unusable for non-techies. MAYBE one should include a techie-friend into the last-resort recovery plan for your non-techie person