If a website were to attempt to do this, you (or your credential manager) could simply change the AAGUID to match another credential manager.