People do bring this up on HN a lot. For WebAuthn / U2F the only actual example anybody has is AWS. So that's not an industry problem that's specifically an AWS problem. Unless you have an actual example which isn't AWS?
As to TOTP it's a shared secret, so just clone it. If they allow you to set multiple secrets it would just reduce your overall security because more random guesses work. Also, get WebAuthn instead.
reply