Yes, that'd be possible. I don't know how webauthn works, but if it relies on ECC you could probably do ECDH between all security keys you wanted to carry your master key, and then use the combined ECDH values as the master key.
I work at a consulting firm in Stockholm, my remark about competition was solely from a user/hacker standpoint. My day job is more about security in the higher levels of the stack :-)
Cool! It was a while since I looked in the standards, but I think there definitely is support for using ECC based algorithms.
One thing I've wanted for a while is a way to properly backup a webauthn token. An approach I discussed a couple of weeks ago [1] was:
1: Generate on-hardware webauthn master key on device A.
2: Generate on-hardware key-pair on device B
3: Export B’s public key, import to A
4: On Device A: Encrypt master key with B’s public key
5: Export encrypted master key to B
6: Decrypt on B
I guess this would probably be possible with this device? Perhaps there are some even more clever way to do it.
[1]: https://news.ycombinator.com/item?id=32621426