by mrb 1607 days ago
Leave the yubikey plugged in all the time. It's fine with respect to most threat models, provided you lock the graphical session when you are away from the computer.

If someone steals the key, they can't really do anything with it. They can't sudo because the session is locked. They can't use it to log in to your web accounts from other computers because websites ask for a password/pin in addition to touching the yubikey.

PS: you should always have a backup yubikey (or, better, two)

1 comments

You can also set the yubikey to require a pin before touching. The yubikey auto-wipes its memory if the presented pin is wrong too many times in a row. So just leaving it plugged in is much more sensible in that case.