I’m assuming instead of saying “forgot password?” the text would say “lost your key?” or “don’t have your device?”. But what would the process of secondary access look like in the future when passwords are ..ahem.. dead?
Would sending a login link to emails still be the primary method of access? Although, you’d need your FIDO2 device for accessing emails in this fictional future. Would you perhaps need to use multiple security keys as backup (equivalent to TOTP one-time recovery codes) ?