Hacker News

Not to mention that better security would involve a master key, and revocable subkeys signed with it, one for each device, instead of syncing. Not to mention n-of-m requirements.

And sure, I understand that most people need the paternalistic form, where they are not given any guns and are also unable to export their keys from some service.

For example, with TOTP, the key is given to the user in the QR code, but common authenticator apps are unable to export the same data after it was imported. But not all; and the only bad thing about this is that the export restriction is a surprise to those who didn't expect it.


