2FA with backup Yubikey

[DennisHermannsen]

Is it possible to configure WHMCS to allow 2 Yubikeys for the same admin? The second key is only going to be used in case the first key stops working or is lost.

[WHMCS John]

Hi @DennisHermannsen,

Currently one Yubikey can be associated with an Administrator or User.

The one-time backup code can be used to login if they Yubikey stops working or is lost. Once logged in you can disable 2FA and then re-configure it using a new Yubikey.

[bear]

So this is a WHMCS shortcoming/choice disallowing more than one key?

https://support.yubico.com/hc/en-us/articles/360021919459-How-to-register-your-spare-key-

Quote

For any services that use Yubico OTP or FIDO security protocols, you'll just need to register the second key exactly as you registered the first. So you can follow the same setup instructions listed in our Works with YubiKey Catalog. 
It's important to note that keys are not linked together in any way. Instead, both keys need to be registered separately to the account, and then either can be used to authenticate with. 

I stopped using my Yubi with WHMCS (time based via phone app now) when it no longer worked after an upgrade to WHMCS, so don't recall if it showed a QR code or not. If it does, just save the QR code along with the backup code(s), and use that on key #2, according to Yubi. Seeing WHMCS uses OTP, however, has me thinking it's no QR code.