Securing your password database with a single password should be considered high risk.
After purchasing a Series 5 Yubikey I thought of hardening my KeepassXC database security by locking it with the extra Challenge-Response method used with Yubikey.
I noticed that KeepassXC, the Appimage version, wouldn't recognize the key as plugged into my laptop and after a bit of searching I found that you would have to install the
libpam-yubico on your Ubuntu machine for things to work.
The process of locking your database with your Yubikey is to program the second available OTP slot on it with a Challenge-Response using the Yubikey Manager. Next you open your Keepass database and go to security and there should be an option for Yubikey Challenge-Response.
The next challenge was to get Keepass2Android to recognize the key in order to be able to access my passwords on the go. This was achieved by installing the ykDroid app and selecting "Password and Challenge-Response for KeepassXC" from the master key type dropdown menu selector.
Keep in mind that you might have to set up 2 Yubikeys with the same Challenge-Response since losing your only copy would mean you would lose access to all your other passwords.