If a website only supports one passkey on one device, it's a shitty implementation. To be fair many websites have shitty implementations, so I ended up using my yubikeys to store the secret for OTP codes.

Having only one device that has authority to log into your accounts is obviously not a good security model.