Yubikey does not store passwords, it generates them. It generates one time passwords for two factor authorization that expire very quickly. So if your password is stolen, the attacker would also need your Yubikey to generate a one time password that can be verified by Yubikey with your device. The Yubikey plugs in USB and acts like a keyboard typing in the password when you hit the button