Currently only one can be registered which is either a significant risk or defats the purpose of using one. By only allowing one users are forced to chose between using only the one and risking getting locked out should their key break or be lost. The alternative is to not disable other forms of 2FA which are more vulnerable, defeating the purpose of using a FIDO2 key for auth.
