This repository has been archived by the owner on Apr 6, 2021. It is now read-only.

Feature request: Registering >1 device #177

Closed
ThomasHabets opened this issue Oct 10, 2014 · 1 comment

Comments

@ThomasHabets
Contributor

Original issue 178 created by jago25 on 2012-05-16T12:29:09.000Z:

What steps will reproduce the problem?

  1. Go to 2-step verification > Status: ON > edit
  2. The only option is to be able to remove the device you already have registered

What is the expected output? What do you see instead?

Revoke the current device or add an additional one.

What version of the product are you using? On what operating system?
Android.

Please provide any additional information below.

I have 2 or 3 Android devices but it's possible some people might have more. For example a tablet, a laptop, a phone, a phone just for work, an old j2me phone in the car.

At the moment we have to choose which to install Google Auth onto. While this is good for simplicity it's a bummer if you use one phone during the week and then another for business trips.

Here's a tip if you want to do this now:

  • delete and re-init your 2 devices at the same time.

Bear in mind that the more devices you have registered, the more of them could be used by someone to help them log in to your account.

@ThomasHabets
Contributor Author

Comment #1 originally posted by markus@google.com on 2012-05-16T16:49:19.000Z:

You actually provide a really good summary of how things work and of the pros and cons of these policy decisions.

On google.com, the Google Authenticator operates in TOTP mode. That means, unlike HOTP mode, it is theoretically possible to generate tokens from multiple devices. From a security policy point of view, it is not necessarily desirable to have multiple devices that do so. In particular, it is not desirable for users to add their account to a new device and to forget that they still have an old device that can also generate tokens, as this old device might eventually find its way into the hands of an adversary.

Considering all the trade-offs, and considering the fact that many users only ever use a single device, a policy decision was made. That's why google.com will not allow you to (easily) add your account to more than one device.

We do realize though that there are power users who understand how tokens work, who are (hopefully) responsible about using their devices, and who understand the higher security risks that they expose themselves to. While we do not officially encourage or support this configuration, there is nothing that stops these users from registering multiple devices at the same time.

While it is a slight nuisance that you need to revoke and then re-enable two-factor authentication each time you want to add a device, there is actually a security benefit to doing so; it ensures that you are still in physical possession of all your devices.

It is always possible that these policies will be fine-tuned at some point. And I am not really privy to that decision. But for now, I don't expect things to change drastically in either direction. Thus I am closing your report with "working as intended".
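The comment above rests on the difference between TOTP and HOTP: a TOTP code is derived from the shared secret and the current time, so any number of devices provisioned from the same QR code produce identical codes and the server cannot tell them apart, whereas an HOTP counter is per-device state that drifts out of the server's window as soon as one device is used more than the other. The following is an added example written for this page, not code from Google Authenticator or from either commenter. It implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library, models two "devices" provisioned from one secret (the same-time registration trick from the original report) and a minimal verifier, and shows that both devices' TOTP codes are accepted while the second device's HOTP code is rejected once the first has moved the server's counter ahead. The secret is the published RFC 4226/6238 SHA-1 test key, not a real account secret; the `Device` and `Server` classes, the drift window of one step either side and the HOTP look-ahead of five are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import struct
import time


# Shared secret as it would be carried in the provisioning QR code (base32).
# Constructed for this example: it is the RFC 4226 / RFC 6238 SHA-1 test key
# "12345678901234567890", not a real account secret.
SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation, then reduce mod 10**digits."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP is HOTP with the counter derived from wall-clock time."""
    return hotp(secret_b32, int(unix_time) // step, digits)


class Device:
    """An authenticator app instance (assumed model for this example). Every
    device provisioned from the same QR code holds the same secret; only the
    HOTP counter is per-device state."""

    def __init__(self, name, secret_b32):
        self.name = name
        self.secret = secret_b32
        self.hotp_counter = 0

    def current_totp(self, now):
        return totp(self.secret, now)

    def next_hotp(self):
        code = hotp(self.secret, self.hotp_counter)
        self.hotp_counter += 1
        return code


class Server:
    """Minimal verifier (assumed model). TOTP: accept the current step and one
    step either side to tolerate clock drift. HOTP: track one counter per
    account and accept the next `look_ahead` values to tolerate unused codes."""

    def __init__(self, secret_b32, look_ahead=5):
        self.secret = secret_b32
        self.hotp_counter = 0
        self.look_ahead = look_ahead

    def verify_totp(self, code, now, step=30):
        for skew in (-1, 0, 1):
            expected = totp(self.secret, now + skew * step, step)
            if hmac.compare_digest(expected, code):
                return True
        return False

    def verify_hotp(self, code):
        for c in range(self.hotp_counter, self.hotp_counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.hotp_counter = c + 1  # resync and never accept c again
                return True
        return False


def multi_device_demo(now=None):
    """Two devices provisioned from one QR code against one server. Returns
    (totp_ok_weekday, totp_ok_travel, hotp_ok_weekday_burst, hotp_ok_travel)."""
    now = int(time.time()) if now is None else now
    server = Server(SECRET_B32)
    weekday_phone = Device("weekday phone", SECRET_B32)
    travel_phone = Device("travel phone", SECRET_B32)

    # TOTP: both devices derive the same code from the same time, so the
    # server cannot distinguish them and accepts either. An old, forgotten
    # device keeps producing valid codes for as long as the secret lives.
    totp_ok_a = server.verify_totp(weekday_phone.current_totp(now), now)
    totp_ok_b = server.verify_totp(travel_phone.current_totp(now), now)

    # HOTP: the counter is per device. After one phone has been used more
    # than look_ahead times, the other phone's next code is out of window.
    hotp_ok_a = all(server.verify_hotp(weekday_phone.next_hotp()) for _ in range(10))
    hotp_ok_b = server.verify_hotp(travel_phone.next_hotp())
    return totp_ok_a, totp_ok_b, hotp_ok_a, hotp_ok_b


if __name__ == "__main__":
    print(multi_device_demo())  # (True, True, True, False)
```

The HOTP rejection is exactly why a counter-based scheme gives the server a natural way to refuse a second device, and why the TOTP policy discussed above has to be enforced at enrolment time instead: once two devices share a TOTP secret, nothing in the protocol reveals which one produced a given code.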
