A hardware security key is a physical gadget—like a USB stick—that gives you an extra layer of security through multifactor authentication (MFA). When you sign in to certain services, you’ll plug it in and either tap or touch it on a compatible device to confirm it’s really you.
Yubico YubiKey 5 NFC
Best Security Key Overall
Yubico Security Key C NFC
Best Budget Security Key
-
Thetis Fido U2F Security Key
Best Basic Security Key
Kensington VeriMark™ Gen2 USB-A Fingerprint Key Reader
Best Hardware Security Key for Biometrics
-
Google Titan Security Key
Best Security Key for Google Services
What to Look For in a Hardware Security Key
If you’ve spent any time online, you’ve probably come across two-factor authentication (2FA,) where you log in with your password, then get a code sent to your phone or email that you have to punch in. Sometimes you get it from an authenticator app instead.
Unfortunately, these methods aren’t bulletproof. SMS codes can be intercepted with SIM-swapping attacks, emails can be hacked through social engineering, and authenticator apps are useless if your phone gets stolen—or if you just forget it at a coffee shop.
This is where security keys are helpful as a form of Multi-Factor Authentication (MFA)—you add more than one layer of security to prove it’s really you logging in. Unlike SMS or email codes, physical security keys can’t be intercepted or hacked remotely.
Yes, they can be stolen, but some security keys come with biometrics or require a PIN, so even if someone gets their hands on your key, they cannot access your accounts without your fingerprint or tap.
So, when shopping for a security key, ensure it supports your accounts’ protocols. For example, if you want to secure your Twitter, Google, and Facebook accounts, you’ll need a key that works with all of them.
The most common protocol right now is FIDO2, which almost every major service supports. There’s also FIDO U2F, an older version of FIDO2, but most devices that support FIDO2 are backward compatible with U2F.
Some keys have extra features, like One-Time Passwords (OTP) through protocols such as OATH TOTP or Yubico OTP. Others support OpenPGP, which encrypts your emails so only someone with the right OpenPGP key can read them.
On the other hand, if you don’t care about OTPs or encrypted emails, a simple FIDO2 key will cover almost all of your needs.
Also, make sure your key works with the devices you use the most. If you’re mainly securing stuff on your phone, get a key with NFC for easy tap-and-go access. If you want to use biometrics like Windows Hello, use a security key with a fingerprint scanner.
How Did We Research | ||
Models Evaluated | Hours Researched | Reviews Analyzed |
10 | 10 | 22 |
How-To Geek’s product recommendations come from the same team of experts that have helped people fix their gadgets over one billion times. We only recommend the best products based on our research and expertise. We never accept payment to endorse or review a product. Read More »
Pros | Cons |
Compatible with lots of services and devices | Costly for those who don’t need the advanced features |
Easy to set up and operate | |
FIDO-certified with advanced security features | |
Compatible with Yubico Authenticator app |
The Yubico YubiKey 5 NFC is easily one of the best security keys for most people who use Google, Windows, macOS, ChromeOS, or Linux and are serious about their online security. It also works with Android and iOS. It provides strong two-factor authentication across over 300 popular services, including password managers and social media platforms. You can check here to see if your favorite services are supported.
Setup is easy, and once you’re up and running, using it is a breeze. Just plug it into a USB-A port on your PC or tap it on a compatible NFC-enabled mobile device when prompted, and you’re all set.
The YubiKey 5 NFC is part of Yubico’s Series 5 keys and works with the Yubico Authenticator app. The app supports FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, smart card (PIV), OpenPGP, as well as challenge-response authentication. Finally, with an IP67 water resistance rating, it’s built with durable materials that resist water, dust, and tampering.
With wide compatibility, multi-protocol support, and USB-A/NFC connectivity, the YubiKey 5 NFC is a solid choice for locking down your online accounts.
Best Security Key Overall
Yubico YubiKey 5 NFC
The Yubico Yubikey 5 NFC is the best security key for people looking for the perfect balance of cost, features, and functionality with FIDO multi-protocol support.
Pros | Cons |
Affordable FIDO hardware security key | Does not support OTP, TOTP, Smart Card (PIV) |
USB-C and NFC connectivity options | |
Works with multiple OSs and devices | |
Resistant to water, crushing, and tampering |
If you’re on a tight budget but still want tight security, the Yubico Security Key C NFC is the perfect budget security key. Priced at under $30, it’s a steal compared to enterprise-grade keys that can cost hundreds—or even thousands—of dollars. It’s also easy to use and, like all the featured security keys on our list, does not require batteries or Wi-Fi. Just plug it into a USB-C port or tap it on an NFC-compatible device, and you’re good to go.
This key works with Windows, macOS, ChromeOS, Linux, and supports Google and Microsoft accounts along with popular password managers. It’s compatible with FIDO2 for password-less login and FIDO U2F for second-factor authentication.
While it doesn’t support OTP and other advanced features like the Yubikey 5 NFC, it’s built tough and is also resistant to water, dust, and tampering. If you’re looking for a simple, budget-friendly key, this one’s a no-brainer.
Best Budget Security Key
Yubico Security Key C NFC
The perfect way for the average computer or phone user to improve their digital security. The Yubico Security Key C NFC is compatible with a wide variety of devices, supports the most common protocols in FIDO U2F and FIDO2, and is robust enough to survive life on a keychain. All for less than $30.
Pros | Cons |
Basic, beginner-friendly security key | Limited compatibility and no advanced security features |
Easy to set up and simple to use | |
Uses FIDO U2F protocol | |
Affordable and durable construction |
If you’re looking for something basic and beginner-friendly, the Thetis FIDO U2F Security Key is worth checking out. It’s designed to be simple, so even someone less tech-savvy can use it.
Like Yubico security keys, setting up the Thetis security key is straightforward. To use it, plug it into a USB-A port and press the button to approve your login. It works with Chrome and Opera (version 40 and later) on Windows, macOS, and Linux. You’re good to go as long as the website supports FIDO U2F. That means popular services like Google Workspace, Facebook, and Salesforce are all compatible.
However, this key doesn’t work with any email client and is not compatible with OTP or UAF protocols. If you need those features, consider the Thetis FIDO2 HOTP Security Key instead. But for a basic security key that gets the job done, the Thetis FIDO U2F is a great entry-level option at a budget-friendly price that’s hard to beat.
Best Basic Security Key
Thetis Fido U2F Security Key
The Thetis FIDO U2F Securty Key is ideal for those who are new to hardware security keys, who want an affordable, simple, no-frills experience.
Pros | Cons |
|---|---|
Will sit nearly flush in a laptop port | Not compatible with Windows ARM computers |
Windows Hello compatible | No USB-C port |
Compatible with many popular password managers | Not compatible with other OSes |
Fingerprint scanners are incredibly useful for keeping your information safe. No one can hack your fingerprint, after all, and all you need to do to unlock it is tap the reader. The Kensington Gen2 VeriMark, the new version of our previous pick, is the best fingerprint key you can buy.
This USB-A key will sit nearly flush in its port, making it ideal for laptops and other devices where you don’t want a stick poking out. It does, unfortunately, still stick out a bit, but it’s nothing compared to the other options on our roundup. You can also store up to ten fingerprints on the key, making it easy for you to use multiple fingers and give access to friends, family, or IT.
As for security, the VeriMark follows the latest web standards and privacy laws, so you know your data will be secure. There is even compatibility for passkeys, making logging in easier than ever.
That said, this Kensington security key isn’t perfect. For starters, it only works on Windows; the fingerprint reader can’t be used with macOS or ChromeOS. On top of that, the scanner is also incompatible with Windows ARM computers, so keep that in mind if you’re using the special version of the OS. Finally, there is no USB-C port or version of the Gen2 VeriMark, but given that most devices you’ll want to secure will have a fair amount of USB-A ports, this isn’t much of a dealbreaker.
Best Hardware Security Key for Biometrics
Kensington VeriMark Gen2 Fingerprint Reader
This small fingerprint key will keep your laptop safe while remaining relatively flush to your device. It’s also compatible with Windows Hello and a variety of password managers.
Pros | Cons |
Built by Google, perfect for Google services | Initial setup can be tricky for some users |
Stores up to 250 passkeys | |
FIDO compatible | |
Compatible with numerous services and devices |
If you’re already heavily invested in the Google ecosystem, the Google Titan Security Key is your best bet. Created by Google, it works perfectly with the company’s services, but the security key also works with many other platforms.
Unlike other security keys that store only a few fingerprints, the Google Titan can store up to 250 passkeys, making it super versatile, even with non-Google services. It works with Google phones, Chromebooks, tablets, and anything that can run Google Chrome. It’s also compatible with Google’s Advanced Protection Program, which offers extra security for high-risk users.
The Titan Security Key comes in two versions: USB-A with NFC (and a USB-C adapter) or USB-C with NFC for just $5 more. Whichever you go for, you’re sure to get good value for your money. Built on the FIDO protocol, it offers secure two-factor authentication and is tough enough to handle daily wear and tear. Setup can be tricky at first—you might have to repeat some steps—but once it’s ready, it’s smooth sailing.
Best Security Key for Google Services
Google Titan Security Key
The Google Titan Security Key is the best choice for users who are familiar and comfortable with the Google ecosystem. FIDO-certified, it has solid features and also supports non-Google services and platforms.
FAQ
Why should I use a hardware security key?
Hardware security keys are highly recommended because of the “possession factor”; the fact that you alone possess the means of access, in this case, a hardware security key.
What are security key certifications?
Security key certifications show how secure a device is. Each Evaluation Assurance Level (EAL) comes from Common Criteria security tests—a global standard for evaluating digital security—they range from EAL1 (basic security) to EAL7 (the highest level of security).
What should I do if I lost my hardware security key?
During initial setup, most hardware security keys prompt you to set up a recovery method. If you did and you lose your key, simply remove the key as an authentication device on your account. Alternatively, you can use a backup security key if you have one already set up. Otherwise, there’s really nothing much you can do.
Can any USB drive be a security key?
Yes, you can turn just about any USB drive into a security key using tools like Predator (Windows), Rohos Logon Key (Windows, Mac), and USB Raptor (Windows). Predator and Rohos Logon Key require payment to unlock their full features.
Leave a Comment
Your email address will not be published. Required fields are marked *