Re: Lost Devices
That requires having multiple devices.
And, of course, it's not just losing a phone. Phone-based authentication also fails when the phone breaks. I've never lost a phone; I've had half a dozen break over the past ten years. Generally it's immediate, unrecoverable failure, like my Asus phone where the touch screen completely stopped responding one day.
And phones are tempting targets for theft.
Dedicated devices such as RSA SecureID have better threat models, but they can still be lost or forgotten.
We know there are many problems with physical-object authentication ("something you have"), because we've been dealing with those for pretty much all of history. That doesn't mean other types of authentication don't have problems, but trying to handwave those problems away while insisting physical-object is superior is not going to be very persuasive to many people.