Assigning a hardware MFA to my organisation root account.

You will find more information about Using multi-factor authentication (MFA) in AWS here. And you can read more about What if an MFA device is lost or stops working here.

Hi,

from documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa_lost-or-broken.html

Basically, you can register multiple MFS devices to root user to have a backup if one fails or you must be prepared to use the identity verification procedure if you can't have more than 1 device

Recovering a root user MFA device

If your AWS account root user multi-factor authentication (MFA) device is lost, damaged, 
or not working, you can sign in using another MFA device registered to the same AWS 
account root user. If the root user only has one MFA device enabled, you can use alternative 
methods of authentication. This means that if you can't sign in with your MFA device, you 
can sign in by verifying your identity using the email and the primary contact phone number 
registered with your account.

Before you use alternative factors of authentication to sign in as a root user, you must be 
able to access the email and primary contact phone number that are associated with your 
account. If you need to update the primary contact phone number, you can sign in as an IAM 
user with Administrator access instead of the root user. For additional instructions on updating 
the account contact information, see Editing contact information in the AWS Billing User Guide. 
If you do not have access to an email and primary contact phone number, you must contact AWS 
Support.

Best,

Didier