> First I've heard of this. Do you have some links where I can read more about this?
Sure, the comparison table on the Nitrokey site[1] is probably sufficient.
Anything without a green tick next to "tamper-resistant smart card" is a software implementation with the associated risks (e.g. firmware updates are available[2] - i.e. if you can update the firmware then you've also got a low-level attack vector for miscreants).
Meanwhile all YubiKeys are hardware backed and it has never been possible to update firmware on them.
You can use Nitrokey too, but IIRC be careful which one you buy as some are software-only implementations.