PIV: used for additional encryption and signing keys (and signature-based authentication) through the PKCS #11 smartcard interface.
FIDO (both U2F and FIDO2 flavors): used for browser-integrated “passwordless” authentication (aka Passkeys) and 2FA (2-Factor Authentication) with WebAuthn; or for local terminal/desktop log-in and sudo authentication via PAM (Pluggable Authentication Modules); or for other signature-based authentication like SSH.
OATH: used with the Yubico Authenticator app for 2FA with TOTP (Time-based One-Time Password) or HOTP (HMAC-based One-Time Password).
(We won’t cover the YubiKey’s YubiHSM Auth application, which is used to store management credentials for a YubiHSM, since it’s relevant only if you manage YubiHSM devices.)
This guide assumes the primary reason you want to use a YubiKey is that you fear a remote adversary who’s targeting you specifically will, at some point, gain root access on your local computer. With root on your computer, the adversary will be able to log your keystrokes and sift through your computer’s memory to identify and exfiltrate all the passwords and private keys you use regularly, as well as steal credentials stored on your computer’s hard drives (or remotely accessible from your computer).