OP is storing his PIN – not his actual master password – on the YubiKey. Thus, unless I have misunderstood how BW works, the person who gains access to the YubiKey would also have to gain physical access to the laptop while OP is still logged in to his BW account. So, an attacker would either have to strong-arm OP while he is logged in, or pick-pocket the YubiKey and then wait for OP to leave his laptop unattended and locked but still logged in.
3 Likes