
Having a backup 2FA token seems like a solution, no? As I already said, I've got a lower-end Yubikey that is basically only there to be a backup in case of emergencies.


To be honest I didn't understand your backup strategy. As far as I'm aware it isn't possible to clone a key - and I sincerely hope that's true. If you can't clone it the only other way I can think of using a backup is having every site you log into accept two so you can authenticate with either - but I've never noticed a site that can do that.

Assuming it's the "authenticate with either" solution, it ain't a great solution. If you have to replace a key you still have to visit every site you authenticate with and provide your new key. Looking at my password manager that seems to mean hundreds of sites in my case.

There are lots of potential solutions to the "dog ate my token" problem that don't require me to visit every site I authenticate with - or even notify them. Online servers can even handle the "someone stole my token" case. Right now the only deployed online solution we have is OAuth, which is really an authorisation mechanism. It sucks for authentication.
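The "authenticate with either" model the comment above describes is what a site does when it lets an account register more than one hardware key: it stores one public key per registered authenticator and accepts a valid signature from any of them, and revoking a lost key is a per-site operation that leaves the backup key usable. The following Go program is an added illustration of that server-side data model, not code from either commenter or from any real site or key vendor. It stands in for the FIDO/WebAuthn assertion flow with a simplified "sign a server challenge with ECDSA P-256" exchange; the account name, credential labels and challenge bytes are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Credential is one registered authenticator (one hardware key) on an account.
// The server stores only the public key; the private key never leaves the token.
type Credential struct {
	ID     string
	Label  string
	PubKey *ecdsa.PublicKey
}

// Account holds every credential registered for one user. Any one of them is
// sufficient to authenticate, which is what makes a backup key useful.
type Account struct {
	User        string
	Credentials []Credential
}

// Register adds an authenticator's public key to the account.
func (a *Account) Register(id, label string, pub *ecdsa.PublicKey) {
	a.Credentials = append(a.Credentials, Credential{ID: id, Label: label, PubKey: pub})
}

// Revoke removes one credential (e.g. a lost or stolen key) and leaves the rest
// untouched. This is the step that has to be repeated at every site.
func (a *Account) Revoke(id string) bool {
	for i, c := range a.Credentials {
		if c.ID == id {
			a.Credentials = append(a.Credentials[:i], a.Credentials[i+1:]...)
			return true
		}
	}
	return false
}

// Verify checks a signature over a server-issued challenge against the
// credential named by credID. In a real deployment the challenge must be
// fresh per login attempt so a captured signature cannot be replayed.
func (a *Account) Verify(credID string, challenge, sig []byte) error {
	for _, c := range a.Credentials {
		if c.ID != credID {
			continue
		}
		digest := sha256.Sum256(challenge)
		if ecdsa.VerifyASN1(c.PubKey, digest[:], sig) {
			return nil
		}
		return errors.New("bad signature for credential " + credID)
	}
	return errors.New("unknown or revoked credential " + credID)
}

// Token models the authenticator side: a key pair generated on the device,
// of which only the public half is ever registered with a site.
type Token struct {
	ID   string
	priv *ecdsa.PrivateKey
}

// NewToken creates a token with a fresh P-256 key pair (constructed for the example).
func NewToken(id string) (*Token, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Token{ID: id, priv: priv}, nil
}

// Sign produces the assertion signature over the challenge.
func (t *Token) Sign(challenge []byte) ([]byte, error) {
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, t.priv, digest[:])
}

// Public returns the half of the key pair the site stores.
func (t *Token) Public() *ecdsa.PublicKey { return &t.priv.PublicKey }

func main() {
	primary, _ := NewToken("primary")
	backup, _ := NewToken("backup")
	acct := &Account{User: "alice"} // constructed account
	acct.Register(primary.ID, "daily key", primary.Public())
	acct.Register(backup.ID, "backup key in a drawer", backup.Public())

	challenge := []byte("constructed-challenge-0001")
	sig, _ := backup.Sign(challenge)
	fmt.Println("login with backup key:", acct.Verify("backup", challenge, sig))

	// The primary key is lost: revoke it here, then repeat at every other site.
	acct.Revoke("primary")
	fmt.Println("login with revoked key:", acct.Verify("primary", challenge, sig))
	fmt.Println("login with backup key after revocation:", acct.Verify("backup", challenge, sig))
}
```

The point the program makes concrete is the one in the thread: the backup key works only at sites where it was registered beforehand, and both registration and revocation are per-site state, so nothing here saves the round trip to each site after a key is lost.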



