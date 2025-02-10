A hardware security key is a physical gadget—like a USB stick or—that gives you an extra layer of security through multifactor authentication (MFA). When you sign in to certain services, you’ll plug it in and either tap or touch it on a compatible device to confirm it’s really you.

What to Look For in a Hardware Security Key

If you’ve spent any time online, you’ve probably come across two-factor authentication (2FA,) where you log in with your password, then get a code sent to your phone or email that you have to punch in. Sometimes you get it from an authenticator app instead.

Unfortunately, these methods aren’t bulletproof. SMS codes can be intercepted with SIM-swapping attacks, emails can be hacked through social engineering, and authenticator apps are useless if your phone gets stolen—or if you just forget it at a coffee shop.

This is where security keys are helpful as a form of Multi-Factor Authentication (MFA)—you add more than one layer of security to prove it’s really you logging in. Unlike SMS or email codes, physical security keys can’t be intercepted or hacked remotely.

Yes, they can be stolen, but some security keys come with biometrics or require a PIN, so even if someone gets their hands on your key, they cannot access your accounts without your fingerprint or tap.

So, when shopping for a security key, ensure it supports your accounts' protocols. For example, if you want to secure your Twitter, Google, and Facebook accounts, you’ll need a key that works with all of them.

The most common protocol right now is FIDO2, which almost every major service supports. There’s also FIDO U2F, an older version of FIDO2, but most devices that support FIDO2 are backward compatible with U2F.

Some keys have extra features, like One-Time Passwords (OTP) through protocols such as OATH TOTP or Yubico OTP. Others support OpenPGP, which encrypts your emails so only someone with the right OpenPGP key can read them.

On the other hand, if you don’t care about OTPs or encrypted emails, a simple FIDO2 key will cover almost all of your needs.

Also, make sure your key works with the devices you use the most. If you’re mainly securing stuff on your phone, get a key with NFC for easy tap-and-go access. If you want to use biometrics like Windows Hello, use a security key with a fingerprint scanner.

Best Security Key Overall: Yubico YubiKey 5 NFC

Pros Cons Compatible with lots of services and devices Costly for those who don't need the advanced features Easy to set up and operate FIDO-certified with advanced security features Compatible with Yubico Authenticator app

The Yubico YubiKey 5 NFC is easily one of the best security keys for most people who use Google, Windows, macOS, ChromeOS, or Linux and are serious about their online security. It also works with Android and iOS. It provides strong two-factor authentication across over 300 popular services, including password managers and social media platforms. You can check here to see if your favorite services are supported.

Setup is easy, and once you’re up and running, using it is a breeze. Just plug it into a USB-A port on your PC or tap it on a compatible NFC-enabled mobile device when prompted, and you're all set.

The YubiKey 5 NFC is part of Yubico’s Series 5 keys and works with the Yubico Authenticator app. The app supports FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, smart card (PIV), OpenPGP, as well as challenge-response authentication. Finally, with an IP67 water resistance rating, it’s built with durable materials that resist water, dust, and tampering.

With wide compatibility, multi-protocol support, and USB-A/NFC connectivity, the YubiKey 5 NFC is a solid choice for locking down your online accounts.

Best Security Key Overall Yubico YubiKey 5 NFC The Yubico Yubikey 5 NFC is the best security key for people looking for the perfect balance of cost, features, and functionality with FIDO multi-protocol support. $50 at Amazon

Best Budget Security Key: Yubico Security Key C NFC

Pros Cons Affordable FIDO hardware security key Does not support OTP, TOTP, Smart Card (PIV) USB-C and NFC connectivity options Works with multiple OSs and devices Resistant to water, crushing, and tampering

If you're on a tight budget but still want tight security, the Yubico Security Key C NFC is the perfect budget security key. Priced at under $30, it’s a steal compared to enterprise-grade keys that can cost hundreds—or even thousands—of dollars. It’s also easy to use and, like all the featured security keys on our list, does not require batteries or Wi-Fi. Just plug it into a USB-C port or tap it on an NFC-compatible device, and you’re good to go.

This key works with Windows, macOS, ChromeOS, Linux, and supports Google and Microsoft accounts along with popular password managers. It’s compatible with FIDO2 for password-less login and FIDO U2F for second-factor authentication.

While it doesn’t support OTP and other advanced features like the Yubikey 5 NFC, it’s built tough and is also resistant to water, dust, and tampering. If you’re looking for a simple, budget-friendly key, this one’s a no-brainer.

Best Budget Security Key Yubico Security Key C NFC The perfect way for the average computer or phone user to improve their digital security. The Yubico Security Key C NFC is compatible with a wide variety of devices, supports the most common protocols in FIDO U2F and FIDO2, and is robust enough to survive life on a keychain. All for less than $30. $29 at Amazon

Best Basic Hardware Security Key: Thetis FIDO U2F Security Key

Pros Cons Basic, beginner-friendly security key Limited compatibility and no advanced security features Easy to set up and simple to use Uses FIDO U2F protocol Affordable and durable construction

If you're looking for something basic and beginner-friendly, the Thetis FIDO U2F Security Key is worth checking out. It’s designed to be simple, so even someone less tech-savvy can use it.

Like Yubico security keys, setting up the Thetis security key is straightforward. To use it, plug it into a USB-A port and press the button to approve your login. It works with Chrome and Opera (version 40 and later) on Windows, macOS, and Linux. You're good to go as long as the website supports FIDO U2F. That means popular services like Google Workspace, Facebook, and Salesforce are all compatible.

However, this key doesn’t work with any email client and is not compatible with OTP or UAF protocols. If you need those features, consider the Thetis FIDO2 HOTP Security Key instead. But for a basic security key that gets the job done, the Thetis FIDO U2F is a great entry-level option at a budget-friendly price that's hard to beat.

Best Basic Security Key Thetis Fido U2F Security Key The Thetis FIDO U2F Securty Key is ideal for those who are new to hardware security keys, who want an affordable, simple, no-frills experience. $20 at Amazon

Best Security Key for Biometrics: Kensington VeriMark Fingerprint Key

