The best security keys of 2024: Expert tested

8 months ago 80
BOOK THIS SPACE FOR AD
ARTICLE AD

Securing your online accounts with a password and username combination is no longer enough. With data breaches occurring on a daily basis, many online service providers now offer alternative means of securing accounts. Two-factor and multi-factor authentication (2FA/MFA) methods have become widely adopted, alongside early passwordless authentication methods -- and in some cases, you may need to verify yourself through a physical security key. 

Even if a cybercriminal has obtained your username and password or has even compromised your mobile device, they will still be unable to access your data without the key in hand. Not only are security keys affordable and user-friendly, but they also prevent phishing attacks and are significantly more secure than SMS-based two-factor authentication. Security keys come in various formats, making them compatible with many devices you own. 

Also: The best home security systems, from DIY to pro installation

What is the best security key right now?

ZDNET's favorite security key is the Yubico YubiKey 5 NFC. This is one of the best security keys available on the market today. It offers unbeatable security and convenience, making it a worthwhile investment for anyone looking to safeguard their online accounts. 

ZDNET has tested many security keys throughout the years, and we frequently track market developments and changes. Below, you will find our top picks for security keys today.

Best security keys of 2024

Pros

Broad versatility NFC makes it compatible with both iPhone and Android devices

Cons

Expensive, especially if you need two Technical knowledge may be required

Yubico YubiKey 5 NFC features: USB-A and NFC compatibility | Compact design | No battery required | Water, dust, and tamper-resistant | FIDO certified | Multi-protocol support | Compatible with iOS and Android mobile devices through NFC

The YubiKey 5 NFC combines the ubiquity of USB-A with the versatility of wireless NFC, enabling broad compatibility with a wide range of devices. 

It is FIDO-certified, allowing it to work with Google Chrome and any FIDO-compliant application on Windows, macOS, or Linux. In addition, its NFC capability makes it compatible with iOS and Android mobile devices. 

The YubiKey USB authenticator has multi-protocol support, including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, smart card (PIV), OpenPGP, and challenge-response capabilities, providing solid hardware-based authentication. Being dust, water, and tamper-proof, this key is a great all-rounder for your security needs. 

Each key will set you back $50. Customer feedback indicates that this popular key is an excellent option, although you will need some rudimentary technological knowledge.

Pros

Great price Discreet design Sturdy

Cons

No NFC so no support for iPhone and Android Doesn't support macOS logins

Thetis Fido U2F Security Key features: Tough and durable alloy shell | 360-degree design with rotating aluminum alloy cover | Looks like a USB flash drive | FIDO2 key is backward-compatible with U2F protocol | Compatible with latest Chrome browser on Windows, MacOS, and Linux

The FIDO2 key is backward-compatible with the U2F protocol and functions with the latest Chrome browser on operating systems such as Windows, MacOS, or Linux. All websites that comply with U2F protocols can support and protect U2F.

The key is designed with a 360-degree rotating metal cover that shields the USB connector when not in use. It is also made from a durable aluminum alloy to safeguard it against drops, bumps, and scratches.

Overall, this USB-A security key is reasonably priced at $26. However, there are no advanced features such as a fingerprint reader, and you will want to buy more than one. Despite this, customers like its sleek and discreet design and find it easy to setup and use. 

Pros

Low price USB-A and NFC support Robust and reliable

Feitian ePass K9 USB Security Key features: FIDO2 + FIDO U2F certified | No drivers needed for browser use | Supports USB-A and NFC | Protects against phishing and cyber attacks | Robust and reliable

The Feitian ePass K9 is an entry-level key that should provide the basic features you need to lock your devices and services. The key supports desktops and laptops via USB-A, and supports Android smartphones and iPhones via NFC. However, keep in mind that there is no USB-C support. 

ZDNET's Adrian Kingsley-Hughes has tested it and can confirm that it works on the iPhone and iOS using NFC without any problems, and customer feedback shows that users find the key works very well across multiple platforms.

Priced at $25, this is a perfect security key for beginners. Since two keys are recommended for added security, you can purchase two for $50. The Feitian ePass K9 USB Security Key offers all the features expected from a security key at an affordable price.

Pros

Slim, lightweight design IP68 rated Subscription alternatives available

Cons

Only supports FIDO protocols

Yubico Security Key C NFC features: FIDO certified, FIDO2/U2F compatible | USB-C | NFC connectivity | Suitable for Android, Windows 10 and iOS devices and apps | Defends against phishing and account takeovers

An alternative Yubico security key is the $29 C NFC model. The USB-C key is best suited for businesses that want to implement physical 2FA procedures without spending a fortune. 

The key is compatible with Android, Windows 10, and iOS devices, alongside services including AWS, Okta, Google accounts, Apple iCloud, Microsoft, and Cloudflare, among others.

These "tap and go" models do not support the Yubico Authenticator app. Instead, they have been designed for affordability and rapid security checks via USB-C, NFC, and FIDO protocols (a 5 series is best suited if you want more extensive features). 

The company also offers a Yubico subscription to businesses that want to provide their teams with keys. Customers say that the key 'just works', but customer support could be improved.

Pros

Compact and unobtrusive Built-in fingerprint reader

Cons

USB-A only No support for macOS and ChromeOS May need to download additional drivers

Kensington Verimark Fingerprint Key features: Built-in biometrics for added security | Compatible with Windows Hello login feature | Compact and unobtrusive design | Stores up to 10 different fingerprints | FIDO U2F certified for cloud-based account security

The Kensington Verimark Fingerprint Key utilizes advanced biometric technology, offering excellent performance and 360-degree readability, as well as anti-spoofing protection.

With Microsoft's built-in Windows Hello login feature, logging into your Windows computer using just your fingerprint is possible. Users can store up to 10 different fingerprints, allowing multiple individuals to access the same computer without remembering different sets of usernames or passwords.

The Kensington Verimark Fingerprint Key is FIDO U2F certified, meaning your fingerprint can be used as a second-factor authentication to secure cloud-based accounts such as Google, Dropbox, GitHub, and Facebook.

You may need to download additional drivers from Kensington's website for different Windows operating systems and some users report recognition problems. However, it is still a top choice -- especially as the key is on sale for only $19.

Pros

Open source Extensive features

Nitrokey 3C NFC features: Open source technologies | Based on Rust | Hardware security includes Secure Boot and ARM TrustZone | Supports multiple operating systems | Firmware updates | Supports NFC, USB-C, FIDO U2F, FIDO2, WebAuthn, OTP, and more 

Developed in the Rust language, the new Nitrokey 3C NFC security key is based on open source technologies. The key's cryptographic framework and protocols, Trussed, are available for the public to view and examine. 

Nitrokey supports various authentication protocols, including FIDO U2F, FIDO2, one-time passwords, OpenPGP smart card, Curve25519, and Common Criteria EAL 6+. Keep in mind, however, that not all functions are available straight out of the box -- you may need to spend some time updating the device.

The $59 key's microprocessor has security features, including Secure Boot, ARM TrustZone, and Physical Unclonable Functions (PUF). 

Pros

High security standards USB-C adapter included

Google Titan security key features: FIDO-certified security key | USB-A/NFC, USB-C/NFC | USB-C to USB-A adapter | supports 250 passkeys

The Google Titan security key line, recently updated to include support for up to 250 passkeys, is an affordable way to bolster your online security. The key is USB-C-compatible and a USB-C to USB-A adapter is included for legacy devices. 

This stylish option is based on FIDO standards and you can connect most Android and iOS devices, as well as most devices able to run Google Chrome. If you're looking for a key suitable for most platforms, this key is for you -- and as a bonus, it is well-priced.

Titan security keys are compatible with Google's Advanced Protection Program, a scheme you may be required to join if you are considered at higher risk of cyberattacks -- including phishing and email-based attacks -- than the average consumer. Compatibility requirements are listed here. Setup is easy but I've found that, on occasion, you may end up in verification loops when you try to register a new device with your key.

Also: Hands on with Google's new Titan Security Keys - and why they still have their place

As testers of security keys over the years, we recommend the Yubico YubiKey 5 NFC as the best security key available on the market today. It offers unbeatable security and convenience, making it a worthwhile investment for anyone looking to safeguard their online accounts. However, if this one doesn't suit you, the key features of our other favorites are listed below.

Security key

Price

Connector type

NFC support

Bluetooth support

Waterproofing

Supported services

Compatible devices

Yubico YubiKey 5 NFC

$50

USB-A and NFC

Yes

Yes

Water- and dust-resistant

Google Chrome, FIDO-compliant apps

Windows, macOS, Linux, iOS, Android

Thetis Fido U2F Security Key

$26

USB-A

No

No

N/A

U2F services

Windows, macOS, Linux

Feitian ePass K9 USB Security Key

$25

USB-A and NFC

Yes

No

N/A

U2F and FIDO2 services

Windows, macOS, Linux, Android

Yubico Security Key C NFC

$29

USB-C and NFC

Yes

Yes

IP68 water- and dust-resistant

FIDO-enabled services

Windows, Android, iOS

Kensington Verimark Fingerprint Key

$19

USB-A

No

No

N/A

Google, Dropbox, GitHub, and Facebook

Windows

Nitrokey 3C NFC

$59

NFC, USB-C

Yes

No 

N/A

Various

Windows, macOS, Linux, BSD, Android, iOS

Google Titan security key

$30

USB-C, NFC, and Bluetooth

Yes

Yes

No official IP rating

FIDO, Google Chrome services, various apps

Windows, macOS, Android, Google Chome compatible devices

Note: Prices and compatibility information may vary based on location and specific devices. This table is based on the information provided in the given descriptions and is subject to change.

It all boils down to which features you prioritize and your budget. Since having two security keys is recommended for added security, with one in use and the other as a backup, choosing a more affordable option could be cost-effective. 

However, investing in a higher-end brand may be a wise decision if you already use security keys or anticipate frequent use.

Choose this security key…

If you want…

Yubico YubiKey 5 NFC

The best security key out there with broad versatility and compatibility. This FIDO-certified key is an excellent all-rounder with multi-platform compatibility.

Thetis Fido U2F Security Key

A cheap, no-frills, tough USB-A security key. However, there are not many advanced features, despite its rather stylish design.

Feitian ePass K9 USB Security Key

A cheap yet high-quality security key. The Feitian ePass key is a great option if you want an affordable security solution.

Yubico Security Key C NFC

The best value key for business, considering its compatibility with services including AWS, Okta, Google accounts, Apple iCloud, Microsoft, and Cloudflare. 

Kensington Verimark Fingerprint Key

A simple USB-A security key with built-in biometrics. This key is discreet, compact, and user-friendly, although it has limited compatibility.

Nitrokey 3C

Open source technologies, expansive security features, and protocol support.

Google Titan security key

An affordable, multi-platform key suitable for Chrome-supporting services, Android, and iOS apps that can store up to 250 passkeys.

While you're deciding what security key is right for you, consider the following factors:

Service compatibility: Ensure that the key you're interested in is compatible with your main services, such as your email provider or business tools and platforms. One, or two?: We recommend that you purchase a key and a backup. You can often buy two packs of security keys, but in some cases, you may have to spend more. Security standards: Security keys should adhere to modern security standards such as FIDO2. Check that your choice meets these standards to ensure you receive the best protection possible.Connectivity: Hardware-based security keys use different forms of connectivity, and so you should consider what type works best for you, whether USB-based, Bluetooth, or NFC.

Extensive research has been conducted on every security key that is listed here across a wide range of devices and services. In some cases, this includes testing the keys on different operating systems, web browsers, and services to ensure they work smoothly and efficiently.

It was also important to analyze the feedback left by other users who have purchased and used these keys over a period of time. This has helped to determine the long-term reliability of each key and to identify any potential compatibility issues that users might encounter. 

Our main criteria for selecting these security keys are: 

Ease of use: There is often a learning curve associated with adopting a new security mechanism or gadget. We wanted to ensure that the next security key you buy is as close to seamless as possible, with easy setup and reasonable compatibility with devices and online services. Durability: As a physical device securing the keys to your digital kingdom, it is crucial that the products we recommend won't easily break. After all, they should be reliable enough to be a long-term security measure. Security features: Naturally, the security features of a security key are paramount. We considered each device's support for different authentication protocols alongside security measures including passwordless authentication.Price point: The cost of your next security key is an important factor to consider. As they are physical, we recommend that you pick up two, just in case one ends up lost. As a result, we wanted to ensure this was affordable. 

A security key is a physical device that generates a unique code used with a password to authenticate your identity when logging into a website or application. It uses public-key cryptography and is more secure than traditional 2FA methods.

The FIDO Alliance consortium has developed open standards for authentication protocols. The authentication standard is based on public key cryptography. 

Devices that are FIDO certified allow users to quickly sign into their accounts using physical keys or biometric passkeys, and have also achieved FIDO protection and security standards. 

SMS is open to SIM hijacking, while a physical key cannot be copied or the data intercepted. Think about it this way: 2FA verification codes sent via SMS messaging may be intercepted if your smartphone has been infected with malware, including spyware, but unless an attacker has your physical security key in their hand, they cannot grab the code required to access your account.

We recommend purchasing at least two -- one that you use day-to-day and one to keep as a backup. For example, you can keep one in your home office or attached to a keychain if you're on the road, while one is stashed safely away to cover you if you lose your primary key. 

Very reliable. I've been using them for years as a Google Advanced Protection Program member, and I've never had an issue. I wasn't pleased when I was first assigned to the program when I was required to buy my first security key, but now I wouldn't be without one. 

Security keys are one of the best authentication methods on the market today and they have very little exploitable attack surface, making them difficult to 'hack' in any way. While there are cases of keys being cloned for academic purposes, as security keys are not constantly connected to the Internet, you don't have to worry about the most common attack vectors having any impact on them. Just keep your key in a safe place.

Here are alternatives on the market that could be worth investigating if none of our top recommendations appeal to you. It's not possible to showcase every single worthy security key product on the market, so other options we like the look of are below:

View at SolokeysView at AmazonView at AmazonView at Amazon
Read Entire Article