You can’t. I imagine when you get a replacement or additional device you manually reconfirm your email and get issued another keypair, so all subsequent logins to that website just use your face or finger or whatever.

That's the thing that I find unconvincing about webauthn. There seems to be no other way than to associate several key devices for every website you are using if you are concerned about losing a key device (or get a new phone, new laptop w TPM).

Totally understood - you have to do it once per website per device but I get that's still a hassle. That said it doesn't have the UI quirks that (even good) password managers have.

Only registering new "serious business" accounts while near your second master key is easier than it sounds to us today.

Well that is DoA