[tokenizerrr]

Your iPhone is completely covered with your fingerprints. Also, if your phone gets hacked/compromised the attacker could steal the secret used to generate your TOTPs. This is not possible with the Yubikey, it is absolutely impossible to extract the private key.

I have a Yubikey on my keychain (it can easily withstand this), and it takes very little effort to plug it into the USB port when I require it. Less than it would be to take my phone out.

As a side-note, some time ago the Yubikey had a vulnerability with its GPG module so they shipped out new ones for free. I now have the old key (with no GPG keys loaded on it) permanently plugged into my USB hub at my desktop. It is amazingly convenient.

[numbsafari]

It's probably a lot easier to steal your keys than it is to dust his phone for fingerprints and go through all the trouble of then faking the print on the sensor.

Heck, all someone needs to do is grab the one permanently plugged into your USB hub on your work desktop after you've left for the day.

Just sayin'...

[tokenizerrr]

It's my desktop in my home. If someone breaks in (or steals the other yubikey from my keychain, and thus has the keys to my home) I have bigger issues. And they still won't know my password.