A Yubikey can be used as a passkey (FIDO2 / Webauthn) instead of a password. In my experience most websites use the "security key" as a second factor in addition to a user/password login.

It can also be used to store/generate OTP (one time passwords) for 2FA with an alternative authenticator app on a phone/desktop.

I use both methods.

OK, I am starting to understand. Needed to read up on passkeys.

https://www.passkeycentral.org/introduction-to-passkeys/how-passkeys-work

I'm not yet sure if it is a good idea to skip 2FA when a passkey is used (Github does this for example). Also having your private passkey synced into Apple's iCloud (or similar) worries me a bit but I need to experiment some more to form an opinion.