That is why 2fa is risky if you do not copy your KEY on a document, or if you simple do not write it on a paper. If you get stoled, and you do not have a copy of that, then it is easy, you lose everything because of your bad luck.
It's not risky at all. Just like people have paper wallets containing their private key(s), people can create 'paper wallets' for their 2FA key(s). I do so too and never had any issue, even not when initiating a reset/recovery. I however also have to point out that in some cases the reason for not valid 2FA codes is that the device's time and date aren't perfectly synchronized with the outside world. I remember someone last year with the same problem where his 2FA codes were not accepted, and he later found out that his time wasn't perfectly synchronized. After having done so, his codes were valid again and problem was solved.