
On the other hand, having your device die means that without cloud backup you either lose access, or whoever was relying on that 2FA needs to fall back on something else to authenticate you.

After all, if I can bypass 2FA with my email, whether 2FA is backed up to the cloud doesn't matter from a security standpoint.

Certainly I would agree with the assertion that opting out for providers of codes would be nice. Even if it is an auto-populated checkbox based on the QR code.



The workaround I've seen is to issue a user two 2FA keys, one for regular use and one to store securely as a backup. If they lose their primary key, they have the backup until a new backup can be sent to them. Using a backup may prompt partial or total restriction until a security check can be done. If they lose both, yes, there needs to be some kind of a reauth. In a workplace context like this it's straightforward to design a high-quality reauth procedure.


They could do what Authy does. Codes are backed up to the cloud, so you're not completely fucked if the phone is stolen. But the backup is encrypted, and to access it on a replacement device you must enter the backup password.

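The scheme described in the comment above (seeds backed up in encrypted form, unlocked on a replacement device only with the backup password) can be sketched in a few dozen lines. This is an added example and not Authy's code or format: it assumes PBKDF2-HMAC-SHA256 with 100,000 rounds as the password KDF, AES-256-GCM for the encryption, a blob layout of salt || nonce || ciphertext, and a constructed seed string as the payload. Because the salt and nonce are bound as additional data, a wrong backup password and any tampering with the blob both fail closed instead of returning garbage seeds.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Parameters chosen for this example (not Authy's values).
const (
	saltLen   = 16
	nonceLen  = 12      // standard AES-GCM nonce size
	kdfRounds = 100_000 // PBKDF2 iteration count
)

// pbkdf2SHA256 is a plain PBKDF2-HMAC-SHA256 (RFC 8018) producing a single
// 32-byte block, written out here so the example needs only the standard library.
func pbkdf2SHA256(password, salt []byte, rounds int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // block index 1, big-endian
	u := mac.Sum(nil)             // U1
	out := make([]byte, len(u))
	copy(out, u)
	for i := 1; i < rounds; i++ { // U2 .. Uc, XORed together
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

func gcmForPassword(password string, salt []byte) (cipher.AEAD, error) {
	key := pbkdf2SHA256([]byte(password), salt, kdfRounds) // 32 bytes -> AES-256
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealBackup encrypts the serialized seed bundle under the backup password.
// Output layout: salt || nonce || ciphertext+tag. Salt and nonce are bound as
// additional authenticated data so that altering them is detected on open.
func sealBackup(password string, seeds []byte) ([]byte, error) {
	header := make([]byte, saltLen+nonceLen)
	if _, err := rand.Read(header); err != nil {
		return nil, err
	}
	salt, nonce := header[:saltLen], header[saltLen:]
	gcm, err := gcmForPassword(password, salt)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, seeds, header)
	return append(append([]byte{}, header...), ct...), nil
}

// openBackup reverses sealBackup. A wrong password or a modified blob yields
// an error from GCM tag verification rather than corrupted seeds.
func openBackup(password string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+nonceLen {
		return nil, errors.New("backup blob too short")
	}
	header := blob[:saltLen+nonceLen]
	salt, nonce := header[:saltLen], header[saltLen:]
	gcm, err := gcmForPassword(password, salt)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, blob[saltLen+nonceLen:], header)
}

func main() {
	seeds := []byte("example.com:JBSWY3DPEHPK3PXP") // constructed sample seed entry
	blob, err := sealBackup("correct horse battery staple", seeds)
	if err != nil {
		panic(err)
	}
	got, err := openBackup("correct horse battery staple", blob)
	fmt.Println(string(got) == string(seeds), err) // true <nil>
	_, err = openBackup("wrong password", blob)
	fmt.Println(err != nil) // true: wrong password fails closed
}
```

The user-facing trade-off the thread is discussing lives entirely in the password argument: with a strong backup password the blob is safe to hand to a cloud provider, and with a forgotten one there is no recovery path, which is exactly the lock-out scenario the replies below raise.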

That relies on someone remembering their backup password that they probably don't use often.


I suspect that this sort of issue is the real reason for making it difficult to not back up secrets to the cloud. On the one hand, you will have some number of people pissed off because they were taken advantage of and they realize that it was enabled by having backups in the cloud. On the other, you have people pissed off because they couldn't manage the final step in keeping their shit secure and are now locked out of something. The number in the latter category is vastly larger than the number in the former.


Authy makes the user enter this on a periodic basis to refresh their memory, which is a good thing imho.



