aunterste's comments

and they say "Don't do what they say in commercials..."


so addicting...


You are absolutely right for 'collaborative tools' where most status changes are meaningless. But I think OP is going after something else, you nudging yourself repeatedly to start something you are dreading.


SEEKING Co-founder | B2B Fintech | Technical, Blockchain dev | Bootstrapped

Instead of inventing yet another payment rail/app we are aiming to make B2B payments more secure, easier on proven infrastructures.


maddening maybe, but because of the simple equation that the fraud losses from continuing to use swipe and issue cards without chip are high, but the margins on credit cards, due to the high rates, are high enough to cover it. Carrying a balance on a credit card in Europe and South America is not very common (your account bank will grant a decently priced overdraft facility (not the crazy US fees there)), rebates/points/miles are lower - so it just pays to be complacent here for the industry.


Enterprise sales - that is a hugely untapped market for password managers (and a huge gap for a lot of companies where people keep their various passwords that are left after massive SSO implementations when they try to SAML everything). CyberArk plays in that space, but Bitwarden with the thoughtful way they have built this product can give them a run for their money.


I think that's my point though, I can easily lose my phone, no harm done if one has the seed-values for the TOTPs and they are protected on the phone.

It's not so much asking for 'perfect' security - I agree, that doesn't exist.

But do HW security tokens create a probability of a hard lock-out that outweighs the security/convenience they provide?


But do HW security tokens create a probability of a hard lock-out that outweighs the security/convenience they provide?

If you lose your key, you're locked out --- simple as that.

About the only reasonable way to create a backup is by buying/using/registering multiple keys. But at $40+ each, the cost adds up quickly.

It is hard to beat your phone for overall convenience. My phone is always with me and with my TOTP keys backed up to secure on-line storage, I can easily restore these to another device if/when needed and continue with only a minor hesitation. For most people, this is the most convenient/least expensive/best all around solution IMO.


I am not saying it is right, but to a large degree this is the cost that some of us 'pay' for millions having 'free' Gmail/GDrive etc. Fully automated processes that close accounts, no due process to get them timely reinstated when the machine made an error. You are correct, if they admit a mistake here, it will open the doors to lots of claims. I sometimes think they could get a lot of people to pay for the service (with $ not just having their digital lives being harvested) if they knew they would be treated better when something like this happens.

The question everyone needs to ask themselves, if Google closed your account right now, for good - what would that do to your life...


That is why 'custodial' crypto is not better than a bank account, it's worse by the prevailing FDIC insurance coverage.

On the other hand, retail customers can't be trusted with their wallet keys..


until your FIDO key sits in an Apple/Google/MS cloud account that has been disabled because of some alleged ToS violation and you can't extract it from your phone. No thanks.

