I'm trying to figure the best strategy for having a backup U2F token. Ideally, I want to have two identical tokens; obviously I'll have the primary one easily accessible (say, on my keyring), but the second one I'd place somewhere not easily accessible (extreme cases are: bricked up into the wall, or buried somewhere in the forest). So whenever I register on a new service supporting U2F, I just use my primary token, and I know that the second one is also automatically supported. I consider this strategy a good tradeoff for being secure and still have a reliable backup option.

But apparently, with yubikeys, the only viable option is to have two distinct tokens and register both of them manually on every service I use them for. However, this is less than ideal because I'd have to keep both of them easily accessible: it's okay if I have to unbrick the backup token in a bad event of losing the primary one, but doing that for every new service is not viable.

Actually I was surprised to find out that even though yubikeys do support programming of OTP key material (and they even have two slots, it's really nice), they do not support programming of the secret key used for U2F.

So, I've got two questions:

1. Is there any particular reason that U2F secret key on yubikeys is not programmable, even though secret data for other modes (e.g. OTP) is programmable?
2. Is there some good alternative to yubikey (also waterproof etc), which does support reprogramming so that I could have two identical U2F tokens? Ideally the one which is usable on mobile (i.e. with NFC support), but it's not the strict requirement.