YK's FIDO2 action can be passphrase protected. Mine has passphrases for FIDO2 and gpg. So stealing it won't help anyone.
But the whole premise is that the attacker is able to guess/see your password.
But the whole premise is that the attacker is able to guess/see your password.