Add backup note

book/arch/03-prepare-yubikey.md

@@ -13,7 +13,12 @@ make install
 
 
 ## Prepare 2nd slot
-Now it's time to prepare the second slot of your YubiKey for the challenge response authentication. Touch will be also enabled.
+Now it's time to prepare the second slot of your YubiKey for the [challenge response authentication](https://wiki.archlinux.org/index.php/yubikey#Challenge-Response "Setup YubiKey Challenge-Response"). 
+Touch will be also enabled. You can also install the package `yubikey-personalization-gui`. It allows for customization of the secret key, 
+creation of secret key backup and writing the same secret key to multiple YubiKeys which allows for using them interchangeably for creating 
+same *ykfde* passphrases.
+
+> Securely save the 20 byte length secret key from the output, so you can use it to initialize another YubiKey as backup.
 
 ```
 ykpersonalize -v -2 -ochal-resp -ochal-hmac -ohmac-lt64 -ochal-btn-trig -oserial-api-visible

book/arch/05-install-arch.md

@@ -75,7 +75,7 @@ sed -i "s/#YKFDE_CHALLENGE=/YKFDE_CHALLENGE=$YKFDE_CHALLENGE/g" /etc/ykde.conf
 Check that the YubiKey challenge was successfully saved to `/etc/ykde.conf` with `cat /etc/ykde.conf`.
 
 ## mkinitcpio
-The next step is to prepare the `mkinitcpio.conf` to encrypt the partition at boot. Open the file with 
+The next step is to prepare the `mkinitcpio.conf` to detect and unlock an encrypted partition at boot. Open the file with 
 `vi /etc/mkinitcpio.conf` and replace the *HOOKS* line with the following content.
 
 > Don't add `encrypt` hook, because we ues ykfde and respect the order !!!