A good strategy for this is to enroll it at day 0 for the most sensitive systems (e.g., password manager, email accounts). This way you are able to use it as a backup in the sense of giving the option to reset or access (e.g., via backup codes) all the services, without being necessarily enrolled in all of them.