Comment by okanat

With bank key generators yes you are correct. With Yubikey and Nitrokey, their logic is standardized. With Yubikey you trust that their implementation is good just like Windows or Mac users trust their OS to implement cryptographic algorithms/TLS correctly (or via external company certifications, if any).

With Nitrokey's open source firmware plus quite a bit CS education (specializing on cryptography) you can check whether their implementation quality is good. However, that is a lot of effort which will probably result in also requiring a third party certification.