Keyfile? YubiKey? Both? I, myself, use just use a standard keyfile that I generated with KeePass. This should be plenty secure along with a strong password.

Some guy once showed me a neat trick. Instead of generating the keyfile in KeePass, he would instead generate a very long password, paste it into a txt file, and use that as a keyfile. That way, it is much easier to backup, since it is just a single-line string of text. It can even be backed up as a QR code very easily.