Unfortunately as you’ve experienced, aside from the extreme lack of services that support WebAuthn/FIDO2, most of the services that do support the standard misunderstand the reasons behind it and implement things wrongly… A well-implemented 2FA system using FIDO should allow multiple hardware tokens to be registered against a single account. And using the hardware token ID as the sole account identifier is stupid beyond words, whoever came up with that idea needs to have a long hard think about real life and why locks normally come with more than one key.