[jopsen]

Most providers also let you create recovery codes. Or signup for TOTP which gives you a QR code.

Print those out and store them somewhere. Then if you loose your yubikey you recover access with those.

If you're too lazy to print them, the just store them in an encrypted tarball, using a very long password (and then rarely open it).

Having the extra key is also fine, but it means you need to have the key around whenever you signup for a new service.

In an ideal world, I would encrypt recovery codes with a public-key and have the private key for decoding them buried in the back yard.