Post
Topic
Board Hardware wallets
Re: [PREORDER] Trezor: Bitcoin hardware wallet
by
StarfishPrime
on 12/10/2013, 14:10:37 UTC
YubiKeys are JUST for securing an online account. A Trezor (or Bitcoin client) could act as an identity in and of itself! It's not 2-factor authentication but a single source of authentication that can be identified and tied to a Bitcoin public key.

A YubiKey has a unique, singular identity too (one key can be used on any number of sites). The real distinction being only that Yubico (Sweden) is the central "identity verification server", whereas with Trezor it could verify against the blockchain, which may have a few advantages. (The 'off-label' use of the blockchain for verifying ID etc. isn't really that new.)

The problem is that if someone steals your Trezor (or YubiKey) then it's really a distinction without a difference. Back in the early days of web-based banking (very early, like "Netscape" early) banks provided hardware crypto boxes with a keypad and LCD, conceptually not unlike a Trezor, except USB wasn't invented yet. They used a challenge-response model, where the box signed a numerical "message" that was provided, and you typed the result back into your browser. Same thing there. Just too cumbersome and it was soon abandoned with the advent of SSL, etc. 2-factor verification has only relatively recently made a comeback for widespread use.

It's surprising that people still believe SSL provides any privacy at all considering recent revelations by Ladar Levison (Lavabit founder), Mr. Snowden etc.
ALL SSL communication should be considered a 3-way conversation (as in you, me and the [insert 3-letter agency of your choice]). It may be "secure" but it's certainly not private.
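
The challenge-response model described in the post above, as an added example that is not part of the original post: the site issues a numeric challenge, the device turns it into a short code, and the site checks the typed-back code once. It assumes an HMAC-SHA256 shared secret as a stand-in for the box's signing step (a Trezor-style device would instead produce a signature checked against its public key); `device_response` and `Verifier` are hypothetical names.

```python
import hashlib
import hmac
import secrets

DIGITS = 8  # length of both the challenge and the typed-back code (assumption)


def device_response(key: bytes, challenge: str) -> str:
    """Device side: MAC the challenge and shorten it to digits a user can type."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, the same idea HOTP (RFC 4226) uses
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Site side: issues one-time challenges and checks the response."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = set()  # challenges issued but not yet answered

    def new_challenge(self) -> str:
        challenge = str(secrets.randbelow(10 ** DIGITS)).zfill(DIGITS)
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: str, response: str) -> bool:
        if challenge not in self._pending:
            return False  # never issued, or already answered: blocks replay
        self._pending.discard(challenge)  # single use, whether it passes or fails
        expected = device_response(self._key, challenge)
        # Constant-time comparison so timing does not leak how many digits matched
        return hmac.compare_digest(expected.encode(), response.encode())


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample secret, not a real credential
    site = Verifier(key)
    challenge = site.new_challenge()
    typed = device_response(key, challenge)
    print(challenge, typed, site.verify(challenge, typed), site.verify(challenge, typed))
```

The second `verify` call on the same challenge fails, which is what keeps a captured code from being reused; it does nothing against theft of the device itself, the case the post raises.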