WebAuthN is an excellent alternative to passwords, but a relatively poor access recovery mechanism, given that it just kicks the can down the road to another provider at best (usually Apple or Google), and to a single physical object that's easy to lose at worst.

I use it myself, but I do also understand companies and people that don't want to make it their only way back into their account as it is.