The YubiKey will have actual security.
M1 uses some crypto, but it’s been broken forever.
So your login using M1s is more or less just your implant entering a small PIN code.
This PIN doesn’t change, it’s just a static PIN.
The YubiKey (or soon™ the Apex) works a lot differently.
At its most basic form of 2FA, TOTP, it will generate one-time passwords, like you said:
So yes.
In general, ignoring that there are tons of ways to make 2FA, real 2FA will prove your chip knows a secret without revealing the secret.
That’s the key takeaway: it’s unclonable because it never reveals its secret.
There’s a lot of interesting stuff to unpack if you wanna dive deeper.
Go to the TOTP Wikipedia and click anything you don’t know from there.
E.g. TOTP → HOTP → cryptographic hash…
Once you’re done with that you can look at asymmetric crypto and modern 2FA.
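
The static-PIN versus one-time-password difference described above, as an added example that is not part of the original post: a standard-library HOTP/TOTP implementation (RFC 4226 / RFC 6238) next to a static PIN check, showing that a captured PIN verifies forever while a captured TOTP code stops verifying once its time window has passed. The secret is the RFC 6238 test key; the PIN value, timestamps, and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the current 30-second time step."""
    return hotp(secret, unix_time // step, digits)

def verify_static_pin(stored_pin: str, presented: str) -> bool:
    # A static PIN is the secret itself: whoever reads it once can replay it.
    return hmac.compare_digest(stored_pin, presented)

def verify_totp(secret: bytes, presented: str, unix_time: int,
                step: int = 30, window: int = 1) -> bool:
    # Accept the current step plus/minus `window` steps to tolerate clock drift.
    return any(
        hmac.compare_digest(totp(secret, unix_time + i * step, step), presented)
        for i in range(-window, window + 1)
    )

def replay_demo() -> dict:
    secret = b"12345678901234567890"  # RFC 6238 test secret, never transmitted
    pin = "4921"                      # constructed static PIN
    t0 = 59                           # moment the observer captures the login
    later = t0 + 120                  # observer replays two minutes later
    captured_pin = pin                # the PIN itself crosses the wire
    captured_code = totp(secret, t0)  # only a derived code crosses the wire
    return {
        "pin_replay_accepted": verify_static_pin(pin, captured_pin),
        "totp_accepted_when_fresh": verify_totp(secret, captured_code, t0),
        "totp_replay_accepted": verify_totp(secret, captured_code, later),
    }

if __name__ == "__main__":
    for name, result in replay_demo().items():
        print(f"{name}: {result}")
```

The verifier and the token share the secret, but only the HMAC-derived code is ever sent, which is why observing one login does not let an observer produce the next code.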