Access tokens give the caller certain permissions in the application. OAuth 2.0 defines an application defined scope that limits what the caller can do inside the application (for example only retrieve the account balance).
Username/password combinations typically give full access to the application (make payments/transfers etc).
Access tokens are typically safer as they have a much shorter lifetime than username/password combinations. If you lose your access token, the attacker only has a limited timeframe in which access to your data can be gained.
Also, access tokens do not have to be stored in a database. They are verified via digital signatures. OAuth refresh tokens are typically stored on a database. However, the client needs the client id and client secret to use the refresh token to get a new access token.