except yubikey communications are not static, so unlike password, sniffing it doesn't allow attacker to open all future versions of the db