You have to make sure the attacker cannot revoke your key first. If the backup code is unrevokable, then it is indeed a nice solution, albeit a high-friction one if you are doing safe backups for each new account.