I tried to get mine as future-proof as possible, but I was left with a choice of either getting the Yubikey Neo with NFC or a Yubikey with USB-C.
I went with the Neo, because it supports all of my current devices, and for USB-C future testing, I tested it on my phone with an USB A-C adapter and it worked there as well. I'm a Linux/Android user without any Apple devices, though, so YMMV.
EDIT: Should also mention that I received a free basic Yubikey as a gift for subscribing to Ars Technica about a year ago. USB-to-MicroUSB and USB-to-C adapters worked on that for all of my devices, as well. I feel pretty confident switching to Yubikeys now that I have two and can keep the newish one on my keychain at all times, with the basic one in a secure place at home.
I don't think that's possible right now. Until they come up with a solution to "I've lost my 2fa token" that isn't as painful as losing you wallet there will be new designs coming out. (Actually, it's more painful. You only have a few cards in your wallet, while your 2fa token may be recognised by 100's of sites.)
This isn't a criticism of FIDO2/WebAuthn. I am impressed by how each iteration solves a new part of the problem, and FIDO2 was definitely a step forward, fixing rough edges in FIDO. But we aren't there yet. We need a FIDO3 and possibly 4, 5 and 6.
Having a backup 2FA token seems like a solution, no? As I already said, I've got a lower-end Yubikey that is basically only there to be a backup in case of emergencies.
To be honest I didn't understand your backup strategy. As far as I'm aware it isn't possible to clone a key - and I sincerely hope that's true. If you can't clone it the only other way I can think of using a backup is having every site you log into accept two so you can authenticate with either - but I've never noticed a site that can do that.
Assuming it's the "authenticate with either" solution, it ain't a great solution. If you have to replace a key you still have to visit every site you authenticate with and provide you new key. Looking at my password manager that seems to mean 100's of sites in my case.
There are lots of potential solutions to the "dog eat my token" that don't require me to visit every site I authenticate with - or even notify them. Online servers can even handle the "someone stole my token" case. Right now the only deployed online solution we have is OAuth, which really an authorisation mechanism. It sucks at for authentication.
I went with the Neo, because it supports all of my current devices, and for USB-C future testing, I tested it on my phone with an USB A-C adapter and it worked there as well. I'm a Linux/Android user without any Apple devices, though, so YMMV.
EDIT: Should also mention that I received a free basic Yubikey as a gift for subscribing to Ars Technica about a year ago. USB-to-MicroUSB and USB-to-C adapters worked on that for all of my devices, as well. I feel pretty confident switching to Yubikeys now that I have two and can keep the newish one on my keychain at all times, with the basic one in a secure place at home.