Hacker News | mbeasley's comments

It's smart to buy two at the same time. While you can't copy a YubiKey, you can choose how to initialize them, and you can initialize both identically to one another and then lock them down. That way they're copies of one another and fully backed up. I keep my main one on me at all times and have my backup in a safe place.


Do you have a link to the docs that shows this? From what I can find on their site [1] it only supports a few of the protocols:

- Static Password
- HMAC-SHA1 Challenge-Response
- OATH-TOTP (Yubico Authenticator)

[1] https://support.yubico.com/support/solutions/articles/150000...


It works very well for TOTP, just initialize all the keys at the same time. You can also print the QR code on paper as an additional layer of backup, which makes it easier to add a new key if you destroy yours. Obviously if it was lost, you’d want to invalidate that and set it up again, but if run over by a truck and you’re holding the pieces, it’s easier than setting up all of them again.


IMHO the YubiKey is not useful for any of those. It's excellent for storing OpenPGP keys and U2F, reasonably good for X.509 (as much as expected for X.509 I guess), and not good for much else. Using it for TOTP IMHO makes no sense, it's better to use your phone.


Using it for TOTP makes sense if you have more than one phone or want to use TOTP on your desktop through Yubico authenticator.


Authy is excellent for this. I've got it on my phone and tablet. I'm reluctant to use it on my desktop because I don't want to type in a huge password but I regard my 2015 MacBook as less secure than my devices that are protected by touch. You might be OK with that or have a laptop with touch ID.


Exactly. Additionally, phones can be rooted and that exposes the underlying secret, but YubiKeys are tamper resistant.


That won't work for U2F or FIDO2, unfortunately, since the master key is not configurable. You need to enroll both keys with each new service, sadly.


I know posts about blockchain-related technologies are all over HN these days and I think it's all super fascinating. But it took me reading your post, going to the links provided, skimming through your whitepaper (even the glossary in the paper) to try and figure out what an ICO is. I couldn't find it on there at all. After googling it, I finally figured out that it's Initial Coin Offering, which allowed me to finally understand what this was all about, but my interest was already fading pretty fast.

Not everyone speaks blockchain. Overall cool idea though.


Oh wow, you're absolutely right. This week is all about bugfixes etc., but next week we will add a section for Blockchain newbies.

Thanks a lot for this feedback :)


1. Code tutorial websites teach mostly syntax but are weaker when it comes to teaching you how to set up an environment and structure a new environment. As such, it's useful to look at other people's code on GitHub or similar. Websites and web applications are only partially about the code you write; they are also about the system on which they are built. Learn what it means to "deploy" a website and how that works. Even though some will argue that that's more of an operations concern, as a web developer you often have to wear multiple hats, including operations and server management.

2. With languages like JavaScript, especially for those with no programming experience, it's really easy to get your feet wet and believe that you "get it", that you "know JavaScript". That's a fallacy. JavaScript, perhaps more than other languages I know, is easy to stitch together to get working (quick and dirty) but really tricky to write eloquently in a way that follows core software development principles and in a way that is easy to manage in the long term (which is part of the reason that there are so many JS frameworks out there).

3. Accept that there are things that you just don't know (and things that you don't know you don't know) and dedicate time to learning from others; not just as you get started, but forever. We spend time on our team every day sharing even the smallest things that we've learned that week to promote this idea (even things like "I discovered the `git add -p` command and here's what it does!").


Amen, coding is a never-ending study. Always new things. do do do do doooo. I'm coding it.

