Backup codes somewhere safe. I mean if you're traveling and your bank cards or passport gets stolen you're similarly in trouble, but there's a contingency plan for those kinds of things.

I thought the working group making the standard was threatening to blacklist any implementation that allows passkeys to be exported for backup, no?

Yes, but unlike with 2FA and SaaS, there's always some recourse. Worst case, you may need to physically visit some bank or government branch, send some registered letters and/or notarize some statements, but there's always a way to recover from losing your ID, passport, or access to a bank account.

Until similar process exist in digital space (read: is legally and culturally forced on SaaS vendors), 2FA is frankly dangerous - it demands standards of diligence and long-term care that not even government affairs do. The back-up codes users are instructed to print out and store securely? No other document in most people's lives requires such long-term protection.