BOOK THIS SPACE FOR AD
ARTICLE ADSecuring your online accounts with a password and username combination is no longer enough.
With data breaches occurring on a daily basis, many online service providers now offer alternative means of securing accounts. Two-factor and multi-factor authentication (2FA/MFA) methods have become widely adopted. These include verification codes sent to email addresses or mobile devices, biometrics, one-time passwords (OTPs), and passwordless authentication methods.
In some cases, vendors will require users to verify themselves through physical security keys.
There is often no better option than utilizing hardware-based authentication. While practicing good password hygiene is crucial for protecting your digital life, certain online accounts -- such as your Google or Dropbox accounts -- may contain a significant amount of sensitive information that warrants additional measures.
For example, if you are a Google Advanced Protection Program member, the company requires you to link a physical security key to your account for enhanced security.
Security keys offer an additional layer of security to prevent hackers from accessing your accounts. Even if a cybercriminal has obtained your username and password, or has even compromised your mobile device, they will still be unable to access your data without the key in hand.
Not only are security keys affordable and user-friendly, but they also prevent phishing attacks and are significantly more secure than SMS-based two-factor authentication. Security keys come in various formats, making them compatible with many devices you own. For organizations today concerned about cyberattacks stemming from accidental insiders, physical keys can also mitigate the risks associated with network intrusions.
Also: The best home security systems, from DIY to pro installation
ZDNET's favorite security key is the Yubico YubiKey 5 NFC. This is one of the best security keys available on the market today. It offers unbeatable security and convenience, making it a worthwhile investment for anyone looking to safeguard their online accounts.
The best security keys of 2023
Pros
Broad versatility NFC makes it compatible with both iPhone and Android devicesCons
Expensive, especially if you need two Technical knowledge may be requiredYubico YubiKey 5 NFC features: USB-A and NFC compatibility | Compact design | No battery required | Water, dust, and tamper-resistant | FIDO certified | Multi-protocol support | Compatible with iOS and Android mobile devices through NFC
The YubiKey 5 NFC combines the ubiquity of USB-A with the versatility of wireless NFC, enabling broad compatibility with a wide range of devices.
It is FIDO-certified, allowing it to work with Google Chrome and any FIDO-compliant application on Windows, macOS, or Linux. In addition, its NFC capability makes it compatible with iOS and Android mobile devices.
The YubiKey USB authenticator has multi-protocol support, including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, smart card (PIV), OpenPGP, and challenge-response capabilities, providing solid hardware-based authentication. Being dust, water, and tamper-proof, this key is a great all-rounder for your security needs.
Pros
Great price Discreet design SturdyCons
No NFC so no support for iPhone and Android Doesn't support macOS loginsThetis Fido U2F Security Key features: Tough and durable alloy shell | 360-degree design with rotating aluminum alloy cover | Looks like a USB flash drive | FIDO2 key is backward-compatible with U2F protocol | Compatible with latest Chrome browser on Windows, MacOS, and Linux
The FIDO2 key is backward-compatible with the U2F protocol and functions with the latest Chrome browser on operating systems such as Windows, MacOS, or Linux. All websites that comply with U2F protocols can support and protect U2F.
The key is designed with a 360-degree rotating metal cover that shields the USB connector when not in use. It is also made from a durable aluminum alloy to safeguard it against drops, bumps, and scratches.
Overall, this USB-A security key is reasonably priced. However, there are no advanced features such as a fingerprint reader, and you will want to buy more than one.
Pros
Low price USB-A and NFC support Robust and reliableFeitian ePass K9 USB Security Key features: FIDO2 + FIDO U2F certified | No drivers needed for browser use | Supports USB-A and NFC | Protects against phishing and cyber attacks | Robust and reliable
The Feitian ePass K9 is an entry-level key that should provide the basic features you need to lock your devices and services. The key supports desktops and laptops via USB-A, and supports Android smartphones and iPhones via NFC. However, keep in mind that there is no USB-C support.
ZDNET's Adrian Kingsley-Hughes has tested it and can confirm that it works on the iPhone and iOS using NFC without any problems.
Priced at $25, this is a perfect security key for beginners. Since two keys are recommended for added security, you can purchase two for $50. The Feitian ePass K9 USB Security Key offers all the features expected from a security key at an affordable price.
Pros
Slim, lightweight design IP68 rated Subscription alternatives availableCons
Only supports FIDO protocolsYubico Security Key C NFC features: FIDO certified, FIDO2/U2F compatible | USB-C | NFC connectivity | Suitable for Android, Windows 10 and iOS devices and apps | Defends against phishing and account takeovers
An alternative Yubico security key is the C NFC model. The USB-C key is best suited for businesses that want to implement physical 2FA procedures without spending a fortune.
The key is compatible with Android, Windows 10, and iOS devices, alongside services including AWS, Okta, Google accounts, Apple iCloud, Microsoft, and Cloudflare, among others.
These "tap and go" models do not support the Yubico Authenticator app. Instead, they have been designed for affordability and rapid security checks via USB-C, NFC, and FIDO protocols (a 5 series is best suited if you want more extensive features).
The company also offers a Yubico subscription to businesses that want to provide their teams with keys.
Pros
You get two keys Bluetooth supportCons
No USB-C Bluetooth key requires rechargingFeitian MultiPass K16 and USB ePass K9 Security Keys features: FIDO U2F certified security key | NFC interface for mobile phones and contactless readers | BLE for compatible mobile devices (MultiPass FIDO only) | Suitable for services requiring two security keys
The Feitian MultiPass K16 and USB ePass K9 Security Keys are a twin pack of keys with different capabilities. One key provides USB-A and NFC support, while the other key provides Bluetooth connectivity.
Together, they offer coverage for a wide range of platforms and devices. You may want to consider this affordable bundle if you are part of a protection plan, for example, or if you need different features to secure various online accounts.
Not to be confused with Google Titan, despite the similar design, this key pack is FIDO-compliant and also helps protect your accounts from phishing.
Pros
Compact and unobtrusive Built-in fingerprint readerCons
USB-A only No support for macOS and ChromeOS May need to download additional driversKensington Verimark Fingerprint Key features: Built-in biometrics for added security | Compatible with Windows Hello login feature | Compact and unobtrusive design | Stores up to 10 different fingerprints | FIDO U2F certified for cloud-based account security
The Kensington Verimark Fingerprint Key utilizes advanced biometric technology, offering excellent performance and 360-degree readability, as well as anti-spoofing protection.
With Microsoft's built-in Windows Hello login feature, logging into your Windows computer using just your fingerprint is possible. Users can store up to 10 different fingerprints, allowing multiple individuals to access the same computer without remembering different sets of usernames or passwords.
The Kensington Verimark Fingerprint Key is FIDO U2F certified, meaning your fingerprint can be used as a second-factor authentication to secure cloud-based accounts such as Google, Dropbox, GitHub, and Facebook.
However, you may need to download additional drivers from Kensington's website for different Windows operating systems.
Pros
Open source extensive featuresNitrokey 3A NFC features: Open source technologies | Based on Rust | Hardware security includes Secure Boot and ARM TrustZone | Supports multiple operating systems | Firmware updates | Supports FIDO U2F, FIDO2, WebAuthn, OTP, and more
Developed in the Rust language, the Nitrokey 3A NFC security key is based on open source technologies. The key's cryptographic framework and protocols, Trussed, are available for the public to view and examine.
Nitrokey can handle authentication protocols, including WebAuthn, FIDO U2F, FIDO2, one-time passwords, and time-based one-time passwords. Keep in mind, however, that not all functions are available straight out of the box -- you may need to spend some time updating the device.
The key's microprocessor has security features, including Secure Boot and ARM TrustZone. The Windows, macOS, Linux, BSD, Android, and iOS operating systems are supported via USB-A.
If you're willing to wait, a next-generation key is also available on pre-order.
As testers of security keys over the years, we recommend the Yubico YubiKey 5 NFC as the best security key available on the market today. It offers unbeatable security and convenience, making it a worthwhile investment for anyone looking to safeguard their online accounts. However, if this one doesn't suit you, they key features of our other favorites are listed below.
Security key | Price | Connector type | NFC support | Bluetooth support | Waterproofing | Supported services | Compatible devices |
Yubico YubiKey 5 NFC | $50 | USB-A and NFC | Yes | Yes | Water- and dust-resistant | Google Chrome, FIDO-compliant apps | Windows, macOS, Linux, iOS, Android |
Feitian ePass K9 USB Security Key | $25 | USB-A and NFC | Yes | No | N/A | U2F and FIDO2 services | Windows, macOS, Linux, Android |
Yubico Security Key C NFC | $29 | USB-C and NFC | Yes | Yes | IP68 water- and dust-resistant | FIDO-enabled services | Windows, Android, iOS |
Thetis Fido U2F Security Key | $26 | USB-A | No | No | N/A | U2F services | Windows, macOS, Linux |
Feitian MultiPass K16, USB ePass K9 | $50 | USB-A, NFC, and Bluetooth | Yes (MultiPass K16 only) | Yes (MultiPass K16 only) | N/A | U2F and FIDO2 services | Windows, macOS, Linux, Android |
Kensington Verimark Fingerprint Key | $27 | USB-A | No | No | N/A | Google, Dropbox, GitHub, and Facebook | Windows |
Nitrokey 3A NFC | $55 | NFC, USB-A | Yes | No | N/A | Various | Windows, macOS, Linux, BSD, Android, iOS |
Note: Prices and compatibility information may vary based on location and specific devices. This table is based on the information provided in the given descriptions and is subject to change.
It all boils down to which features you prioritize and your budget. Since having two security keys is recommended for added security, with one in use and the other as a backup, choosing a more affordable option could be cost-effective.
However, investing in a higher-end brand may be a wise decision if you already use security keys or anticipate frequent use.
Choose this security key… | If you want… |
Yubico YubiKey 5 NFC | The best security key out there with broad versatility and compatibility. This FIDO-certified key is an excellent all-rounder with multi-platform compatibility. |
Feitian ePass K9 USB Security Key | A cheap yet high-quality security key. The Feitian ePass key is a great option if you want an affordable security solution. |
Yubico Security Key C NFC | The best value key for business, considering its compatibility with services including AWS, Okta, Google accounts, Apple iCloud, Microsoft, and Cloudflare. |
Thetis Fido U2F Security Key | A cheap, no-frills, tough USB-A security key. However, there are few advanced features along with its rather stylish design. |
Feitian MultiPass K16 and USB ePass K9 Security Keys | A two-key bundle with USB-A, NFC, and Bluetooth support. It suits many users who need different authentication or communication protocols to protect their online accounts. |
Kensington Verimark Fingerprint Key | A simple USB-A security key with built-in biometrics. This key is discreet, compact, and user-friendly, although it has limited compatibility. |
Nitrokey 3A | Open source technologies, expansive security features, and protocol support. |
Extensive research has been conducted on every security key that is listed here across a wide range of devices and services. In some cases, this includes testing the keys on different operating systems, web browsers, and services to ensure they work smoothly and efficiently.
It was also important to analyze the feedback left by other users who have purchased and used these keys over a period of time. This has helped to determine the long-term reliability of each key and to identify any potential compatibility issues that users might encounter.
Our main criteria for selecting these security keys are:
Ease of use: There is often a learning curve associated with adopting a new security mechanism or gadget. We wanted to ensure that the next security key you buy is as close to seamless as possible, with easy setup and reasonable compatibility with devices and online services. Durability: As a physical device securing the keys to your digital kingdom, it is crucial that the products we recommend won't easily break. After all, they should be reliable enough to be a long-term security measure. Security features: Naturally, the security features of a security key are paramount. We considered each device's support for different authentication protocols alongside security measures including passwordless authentication.Price point: The cost of your next security key is an important factor to consider. As they are physical, we recommend that you pick up two, just in case one ends up lost. As a result, we wanted to ensure this was affordable.A security key is a physical device that generates a unique code used with a password to authenticate your identity when logging into a website or application. It uses public-key cryptography and is more secure than traditional 2FA methods.
The FIDO Alliance consortium has developed open standards for authentication protocols. The authentication standard is based on public key cryptography.
Devices that are FIDO certified allow users to quickly sign into their accounts using physical keys or biometric passkeys, and have also achieved FIDO protection and security standards.
SMS is open to SIM hijacking, while a physical key cannot be copied or the data intercepted. Think about it this way: 2FA verification codes sent via SMS messaging may be intercepted if your smartphone has been infected with malware, including spyware, but unless an attacker has your physical security key in their hand, they cannot grab the code required to access your account.
We recommend purchasing at least two -- one that you use day-to-day and one to keep as a backup. For example, you can keep one in your home office or attached to a keychain if you're on the road, while one is stashed safely away to cover you if you lose your primary key.
Very reliable. I've been using them for years as a Google Advanced Protection Program member, and I've never had an issue. I wasn't pleased when I was first assigned to the program when I was required to buy my first security key, but now I wouldn't be without one.
Here are a few alternatives on the market that could be worth investigating if none of our top recommendations appeal to you. It's not possible to showcase every single worthy security key product on the market, so other options we like the look of are below:
Best alternative for affordability
TrustKey T110 FIDO2 security key
The TrustKey T110 utlizes FIDO2 and U2F authentication with T110 and is compatible across all major browsers.
Best alternative anti-tamper option
Yubico YubiKey 5C
This security key supports all FIDO-compliant applications on Windows, macOS or Linux.
Best alternative for portability
Yubico YubiKey 5C Nano
The YubiKey 5C Nano is a great option if you want a discreet USB-C key to connect to your laptop.