If it's a service, then it has social/legal weak point
It is always better to do standalone 2FA then back up the token generator somewhere. But not everyone will take this responsibility.