Depends... Your phone runs millions of lines of code and you likely browse the web on it which means that any moment an exploit could take over your phone. (or the regularly scheduled bluetooth vulnerabilities).
Bam, someone now have the ability to authenticate as you without even needing physical contact and without you ever noticing - this could run for years without any trace. With yubikey you will notice that it is missing.
There is a yubikey with fingerprint sensor that is supposed to come soon as well.
In my case, the biggest case against a phone app is that the most likely disruption would be either that my phone was stolen (though not specifically to get my credentials) or just break from a fall or something.
And until there is a decent fallback from that passwords are the better choice for me. (Yubikeys aren't that much better in that regard either)
Bam, someone now have the ability to authenticate as you without even needing physical contact and without you ever noticing - this could run for years without any trace. With yubikey you will notice that it is missing.
There is a yubikey with fingerprint sensor that is supposed to come soon as well.
In my case, the biggest case against a phone app is that the most likely disruption would be either that my phone was stolen (though not specifically to get my credentials) or just break from a fall or something.
And until there is a decent fallback from that passwords are the better choice for me. (Yubikeys aren't that much better in that regard either)