Having a recovery process for the YubiKey would really just be a potential security hole.

Ideally you have a backup clone of the key in case yours is lost/broken.

Keeping a recovery seed or backup password instead would be inherently less secure as the YubiKey uses an HMAC challenge-response key for KeePass rather than a static password/key file.

A static password or key would be a better target for hackers as it would be easier to crack so having that option would lower your overall security.

Also worth noting that the way KeePassXC handles the HMAC challenge-response is different from how KeeChallenge does it.

In KeeChallenge the HMAC secret is used to encrypt the database, which requires storing the encrypted secret in a separate file.

In KeePassXC the database’s seed is used as the challenge and the response is used to encrypt the database.

The benefit to the KeePassXC method is two-fold:

• It’s less vulnerable as the HMAC secret never leaves the YubiKey or get stored in a file.

• It increases security because the challenge-response changes every time you save the database (changing its seed)