The Right Number of YubiKeys is Three

2025-02-27T01:25:20Z

Four years ago I bought a pair of YubiKey 5s: one YubiKey 5 Nano, which fits in my laptop’s USB slot, and one YubiKey 5 NFC as a backup, which sat in my home office. However, I kept worrying about what happens if my house burns down or something, taking out both my laptop and office YubiKeys at the same time. On the other hand, if I stored my YubiKey 5 NFC offsite, then whenever I needed to register a new FIDO service, I would need to go fetch the key, update it, and then return it. Based on my personal experience, even if that were not a big pain, the "return it" step often gets delayed indefinitely because it feels so low priority.

Then I read a popular comment made on Hacker News: Get three YubiKeys. Suddenly everything clicked! I bought a second YubiKey 5 NFC last year.

Now, I keep a second YubiKey 5 NFC offsite, in addition to the one in my laptop and the one in my office. If my home burns down, I still have an offsite YubiKey available. But the best thing about having a second YubiKey 5 NFC is that it partly mitigates the offsite update problem.

In the previous scenario, we required potentially two trips offsite to update the backup YubiKey. Now, however, the procedure to register a new FIDO service is to first update the office YubiKey 5 NFC (and the YubiKey 5 Nano). Then, at your earliest convenience, you swap the office YubiKey 5 NFC with the offsite YubiKey 5 NFC. When you get the offsite YubiKey home, you update it with the new FIDO service and it becomes the new office YubiKey. There is no need to return to the offsite location.
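To make the trip-counting argument concrete, here is a small model of the rotation above, added as an example and not part of the original post. The key names and the "one trip per swap" accounting are my own assumptions; each key is represented as the set of FIDO services it has been registered with.

```python
# Added example (not from the original post): model the three-key rotation to
# check that each swap costs one offsite trip and that only the offsite key is
# ever behind. Key roles ("laptop", "office", "offsite") are assumed names.

def new_fleet():
    # Each key is the set of FIDO services it has been registered with.
    return {"laptop": set(), "office": set(), "offsite": set()}

def register(fleet, service):
    """Register a service on the keys that are on hand; the offsite key cannot be."""
    fleet["laptop"].add(service)
    fleet["office"].add(service)

def swap(fleet):
    """One-way trip: the office key goes offsite, the old offsite key comes home
    and is brought up to date from the laptop key. Returns trips made (1)."""
    fleet["office"], fleet["offsite"] = fleet["offsite"], fleet["office"]
    fleet["office"] |= fleet["laptop"]
    return 1

def stale(fleet):
    """Services the offsite key is missing relative to the laptop key."""
    return fleet["laptop"] - fleet["offsite"]

def two_key_trips(n_services):
    """Baseline with only a local and an offsite key: keeping the offsite key
    current means fetching it and returning it for every registration."""
    return 2 * n_services

def three_key_trips(services, swap_every):
    """Register services in batches of swap_every, swapping after each batch.
    Returns (offsite trips made, most services the offsite key ever lacked)."""
    fleet = new_fleet()
    trips, max_stale = 0, 0
    for i, service in enumerate(services, 1):
        register(fleet, service)
        max_stale = max(max_stale, len(stale(fleet)))
        if i % swap_every == 0:
            trips += swap(fleet)
            assert fleet["office"] == fleet["laptop"]  # on-hand keys stay current

    return trips, max_stale
```

With a swap after every registration, four services cost four trips instead of the eight a two-key setup needs, and the offsite key is never more than one service behind.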

Part of the issue is that there is no "public FIDO key", like there is with a "public PGP key". You need the actual YubiKey in hand to register it with a FIDO service, whether or not the credential is discoverable. If you were only using the YubiKey as an OpenPGP smart card, then perhaps you could get away with just having a local key and an offsite key. Even still, I would recommend a third YubiKey so that whenever the time comes to do some operation on your offsite key, you can perform the same swapping trick.

The title of this article says that three is the right number of YubiKeys. However, this is because I only have one Nano, in my laptop, since that is my primary computing interface. I do have a desktop computer, but I mostly access it as a remote server. If you have multiple computers that you regularly use, it would make sense to have a YubiKey Nano in each of them. In addition to those, have one offsite key and one local key for swapping with the offsite key.

Russell O’Connor