Hacker News

... that's why you have backup security keys, numbered per account, in a safe in campaign offices.


One of the candidates I've trained tours his district full-time in a campaign Winnebago, and doesn't have a campaign office. He interacts with his staff mostly remotely. Almost every candidate is constantly on the road.

It's not that people are lazy or feckless. This is a genuinely hard problem for working campaigns to solve. It's a fascinating environment.


That doesn't mean that his campaign staff are going to constantly lose their security keys. Losing a security key is an infrequent-enough occurrence that the inconvenience of needing to go to campaign headquarters to get a new key shouldn't be too onerous, not to mention that the inconvenience of showing up in person to get a new key serves as the real motivator not to lose the key in the first place.

Look, even security keys may not provide "enough" security. An adversary capable of performing a targeted, in-physical-range attack will be able to sneak a keylogger onto a staffer's laptop (to steal the password) and then take advantage of an opportunity where the security key isn't guarded to swipe the security key for either momentary access or to register the attacker's key for long term access - which won't be caught without persistent auditing efforts, which most campaigns won't do. As always, the question is "how do we raise the cost of an attack while keeping the cost of defense relatively low" and that's what security keys do really well.

Edit: look, specific campaigns may have different ways of adopting the pattern. Maybe the candidate without a dedicated campaign office could keep the keys in a safe in the candidate's home. For national candidates, or candidates whose staffers would need to drive for an unreasonable amount of time to get a replacement key, maybe there could be local caches of keys in different cities, where some independent business figures out a way to register numbered security keys for online accounts in a relatively anonymous way for both remote businesses and whoever else. Still doesn't mean that security keys are a bad idea.
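The "persistent auditing" the comment above says most campaigns won't do is mostly a bookkeeping problem once keys are numbered per account. The script below is an added example, not code from anyone in this thread, showing the shape of that audit: it assumes (hypothetically) an inventory mapping each numbered key to the account it was issued for, with backups registered in advance, and an export of what the identity provider currently lists as registered. The identifiers, account names and export format are constructed for the example; a real export would come from your identity provider's admin API.

```python
"""Audit registered security keys against a per-account key inventory.

Added example for the discussion above; not code from the thread.
Assumes a campaign keeps an inventory of numbered keys -> account
(primary plus backup, backup registered before it goes in the safe)
and can export the credentials each account currently has registered.
All data below is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Registration:
    account: str
    credential_id: str   # identifier the IdP shows for the registered key
    registered_at: str   # ISO date as exported; compares lexicographically


# Constructed inventory: numbered key -> account it was issued to.
INVENTORY = {
    "key-0001": "alice@campaign.example",
    "key-0002": "alice@campaign.example",   # backup, sits in the safe
    "key-0003": "bob@campaign.example",
    "key-0004": "bob@campaign.example",     # backup, sits in the safe
}

# Constructed export of what the identity provider lists as registered.
EXPORT = [
    Registration("alice@campaign.example", "key-0001", "2024-01-10"),
    Registration("alice@campaign.example", "key-0002", "2024-01-10"),
    Registration("bob@campaign.example",   "key-0003", "2024-01-10"),
    Registration("bob@campaign.example",   "key-9999", "2024-03-02"),  # never issued
    Registration("carol@campaign.example", "key-0004", "2024-03-05"),  # bob's backup
]


def audit(inventory, export, since=None):
    """Return sorted (finding, account, detail) tuples.

    Findings: a registered credential not in the inventory (the
    'attacker registers their own key' case), an inventory key bound to
    the wrong account, an inventory key not registered anywhere, an
    account left without a registered backup, and, when `since` is
    given, anything registered on or after the last audit date.
    """
    findings = []
    seen = set()
    good_per_account = {acct: 0 for acct in set(inventory.values())}

    for reg in export:
        seen.add(reg.credential_id)
        if since is not None and reg.registered_at >= since:
            findings.append(("new_since_last_audit", reg.account, reg.credential_id))
        expected = inventory.get(reg.credential_id)
        if expected is None:
            findings.append(("unknown_credential", reg.account, reg.credential_id))
        elif expected != reg.account:
            findings.append(("key_on_wrong_account", reg.account, reg.credential_id))
        else:
            good_per_account[expected] += 1

    for cred, account in inventory.items():
        if cred not in seen:
            findings.append(("inventory_key_not_registered", account, cred))

    # Each account should have at least two of its own keys registered
    # (the one in use and the backup in the safe).
    for account, n in good_per_account.items():
        if n < 2:
            findings.append(("no_backup_key_registered", account, str(n)))

    return sorted(findings)


def run_audit(since=None):
    """Audit the constructed inventory/export; convenient for scheduled runs."""
    return audit(INVENTORY, EXPORT, since=since)


if __name__ == "__main__":
    for finding in run_audit(since="2024-02-01"):
        print(*finding)
```

Run it on a schedule, store the date of the last run, and pass that date as `since`; the attacker-registered key in the scenario above shows up both as `unknown_credential` and as `new_since_last_audit`, and a backup that wandered onto another account shows up as `key_on_wrong_account` plus a `no_backup_key_registered` finding for the account that lost it.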


Without any rancor, I would encourage you to volunteer on a nearby campaign and watch them in action with this scenario in mind.



