Regarding the static password (Backup Key):
Two or more than two YubiKeys can be configured to emit a same static password by programming them using the same programming parameters like same AES Key, same Public ID and same Private ID. For more information please visit the following post:http://forum.yubico.com/viewtopic.php?f=6&t=513
For login to online services, Yubico provides the OTP validation service, the Web Service API and corresponding clients in various programming languages that can be easily integrated by application developers.
Regarding replacing the lost OTP, it really depends on the application if it provides the administrators to reassign a new key to the user. However, to avoid unauthorized use of the lost YubiKeys (OTP validation), Users/Client administrators can enroll their YubiKeys with the YubiRevoke Service (https://admin.yubico.com/yubirevoke/login.php
). YubiRevoke service allows to disable (or re-enable) specific YubiKeys on the Yubico Validation Service in case they are lost. This is very effective in preventing any potential misuse of YubiKeys if they fall in the wrong hands.