Keyfile? YubiKey? Both? I, myself, use just use a standard keyfile that I generated with KeePass. This should be plenty secure along with a strong password.
Some guy once showed me a neat trick. Instead of generating the keyfile in KeePass, he would instead generate a very long password, paste it into a txt file, and use that as a keyfile. That way, it is much easier to backup, since it is just a single-line string of text. It can even be backed up as a QR code very easily.
I use KeepassDX w/ “Key Driver”
Same! Shit just works, it’s dope.
For real! Yubikeys are such a convenient 2FA method, I highly recommend to anyone reading this. (ALWAYS BUY TWO KEYS)