Securing your online accounts with a password and username combination is no longer enough. With data breaches occurring daily, many online service providers now offer alternative means of securing accounts. Two-factor and multi-factor authentication (2FA/MFA) methods have become widely adopted, alongside early passwordless authentication methods, and in some cases, you may need to verify yourself through a physical security key.
Even if a cybercriminal has obtained your username and password or has even compromised your mobile device, they won't be able to access your data without the key in hand. Not only are security keys affordable and user-friendly, but they also prevent phishing attacks and are significantly more secure than SMS-based two-factor authentication. Security keys come in various formats, making them compatible with many devices you own.
Also:The best home security systems, from DIY to pro installation
What is the best security key right now?
ZDNET's favorite security key is the Yubico YubiKey 5 NFC. It offers excellent security and convenience, making it a worthwhile investment for anyone looking to safeguard their online accounts.
ZDNET has tested many security keys throughout the years and frequently tracks market developments and changes. Below, you will find our top picks for security keys today.
Best security keys of 2024
Pros & Cons
Pros
- Broad versatility
- NFC makes it compatible with both iPhone and Android devices
Cons
- Expensive, especially if you need two
- Technical knowledge may be required
More Details
The YubiKey 5 NFC combines the ubiquity of USB-A with the versatility of wireless NFC, enabling broad compatibility with a wide range of devices.
It is FIDO-certified, allowing it to work with Google Chrome and any FIDO-compliant application on Windows, macOS, or Linux. In addition, its NFC capability makes it compatible with iOS and Android mobile devices.
The YubiKey USB authenticator has multi-protocol support, including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, smart card (PIV), OpenPGP, and challenge-response capabilities, providing solid hardware-based authentication. Being dust, water, and tamper-proof, this key is a great all-rounder for your security needs.
Each key will set you back $50. Customer feedback indicates that this popular key is an excellent option, although you will need some rudimentary technological knowledge.
Yubico YubiKey 5 NFC features:USB-A and NFC compatibility |Compact design | No battery required | Water, dust, and tamper-resistant | FIDO certified | Multi-protocol support | Compatible with iOS and Android mobile devices through NFC
Pros & Cons
Pros
- Great price
- Discreet design
- Sturdy
Cons
- No NFC so no support for iPhone and Android
- Doesn't support macOS logins
More Details
The FIDO2 key is backward-compatible with the U2F protocol and functions with the latest Chrome browser on operating systems such as Windows, MacOS, or Linux. All websites that comply with U2F protocols can support and protect U2F.
The key is designed with a 360-degree rotating metal cover shielding the USB connector when not used. It is also made from a durable aluminum alloy to safeguard it against drops, bumps, and scratches.
Overall, this USB-A security key is reasonably priced at $27. However, it does not have advanced features such as a fingerprint reader, and you will want to buy more than one. Despite this, customers like its sleek and discreet design and find it easy to set up and use.
Thetis Fido U2F Security Key features:Tough and durable alloy shell |360-degree design with rotating aluminum alloy cover | Looks like a USB flash drive | FIDO2 key is backward-compatible with U2F protocol | Compatible with latest Chrome browser on Windows, MacOS, and Linux
Pros & Cons
Pros
- Water and dust resistant
- Easy setup
- FIDO certified
Cons
- Expensive
- No NFC compatibility
More Details
The Yubico YubiKey 5 Nano is a discreet, tiny security key that provides the features you need to lock your devices and services while you're on the road. The key supports PCs and other devices via USB-A and is compatible with the Yubico Authenticator app. However, keep in mind that there is no USB-C support.
This security key is compatible with a range of password managers including 1Password, Keeper, and LastPass Premium, alongside IAM platforms, cloud storage apps, and social media accounts.
Customer feedback shows that users find the key works very well across multiple platforms and consider it straightforward to set up and use.
Priced at $60, this is slightly more expensive than many on the market, but if you're looking for one of the smallest, portable, and most discreet keys on the market, this could be the right option for you.
Yubico YubiKey 5 Nanofeatures:FIDO, FIDO2 certified |Multi-protocol| Supports USB-A | Protects against phishing and cyber attacks | IP68 rated
Pros & Cons
Pros
- Slim, lightweight design
- IP68 rated
- Subscription alternatives available
Cons
- Only supports FIDO protocols
More Details
An alternative Yubico security key is the $29 C NFC model. The USB-C key is best suited for businesses that want to implement physical 2FA procedures without spending a fortune.
The key is compatible with Android, Windows 10, and iOS devices, alongside services including AWS, Okta, Google accounts, Apple iCloud, Microsoft, and Cloudflare, among others.
These "tap and go" models do not support the Yubico Authenticator app. Instead, they have been designed for affordability and rapid security checks via USB-C, NFC, and FIDO protocols (a 5 series is best suited if you want more extensive features).
The company also offers a Yubico subscription to businesses that want to provide their teams with keys. Customers say that the key 'just works', but customer support could be improved.
Yubico Security Key C NFC features:FIDO certified, FIDO2/U2F compatible| USB-C | NFC connectivity | Suitable for Android, Windows 10 and iOS devices and apps | Defends against phishing and account takeovers
Pros & Cons
Pros
- Compact and unobtrusive
- Built-in fingerprint reader
Cons
- USB-A only
- No support for macOS and ChromeOS
- May need to download additional drivers
More Details
The Kensington Verimark Fingerprint Key utilizes advanced biometric technology, offering excellent performance and 360-degree readability, as well as anti-spoofing protection.
With Microsoft's built-in Windows Hello login feature, logging into your Windows computer using just your fingerprint is possible. Users can store up to 10 different fingerprints, allowing multiple individuals to access the same computer without remembering different sets of usernames or passwords.
The Kensington Verimark Fingerprint Key is FIDO U2F certified, meaning your fingerprint can be used as a second-factor authentication to secure cloud-based accounts such as Google, Dropbox, GitHub, and Facebook.
You may need to download additional drivers from Kensington's website for different Windows operating systems and some users report recognition problems. However, it is still a top choice -- especially as the key is available for only $24.
Kensington Verimark Fingerprint Key features:Built-in biometrics for added security | Compatible with Windows Hello login feature | Compact and unobtrusive design | Stores up to 10 different fingerprints | FIDO U2F certified for cloud-based account security
more buying choices
Pros & Cons
Pros
- Open source
- Extensive features
Cons
- Expensive
More Details
Developed in the Rust language, the new Nitrokey 3C NFC security key is based on open source technologies. The key's cryptographic framework and protocols, Trussed, are available for the public to view and examine.
Nitrokey supports various authentication protocols, including FIDO U2F, FIDO2, one-time passwords, OpenPGP smart card, Curve25519, and Common Criteria EAL 6+. Keep in mind, however, that not all functions are available straight out of the box -- you may need to spend some time updating the device.
The $59 key's microprocessor has security features, including Secure Boot, ARM TrustZone, and Physical Unclonable Functions (PUF).
Nitrokey 3C NFC features: Open source technologies | Based on Rust | Hardware security includes Secure Boot and ARM TrustZone | Supports multiple operating systems | Firmware updates | Supports NFC, USB-C, FIDO U2F, FIDO2, WebAuthn, OTP, and more
Pros & Cons
Pros
- High security standards
- USB-C adapter included
Cons
- No biometrics
More Details
The Google Titan security key line, recently updated to include support for up to 250 passkeys, is an affordable way to bolster your online security. The $30 key is USB-C-compatible and a USB-C to USB-A adapter is included for legacy devices.
This stylish option is based on FIDO standards and you can connect most Android and iOS devices, as well as most devices able to run Google Chrome. If you're looking for a key suitable for most platforms, this key is for you -- and as a bonus, it is well-priced.
Also:Hands on with Google's new Titan Security Keys - and why they still have their place
Titan security keys are compatible with Google's Advanced Protection Program, a scheme you may be required to join if you are considered at higher risk of cyberattacks -- including phishing and email-based attacks -- than the average consumer. Compatibility requirements are listed here. Setup is easy but I've found that, on occasion, you may end up in verification loops when you try to register a new device with your key.
Google Titan security key features:FIDO-certified security key |USB-A/NFC, USB-C/NFC |USB-C to USB-A adapter | Supports 250 passkeys
What is the best security key?
As testers of security keys over the years, we recommend the Yubico YubiKey 5 NFC as the best security key available on the market today. It offers unbeatable security and convenience, making it a worthwhile investment for anyone looking to safeguard their online accounts. However, if this one doesn't suit you, the key features of our other favorites are listed below.
Security key | Price | Connector type | NFC support | Bluetooth support | Waterproofing | Supported services | Compatible devices |
Yubico YubiKey 5 NFC | $50 | USB-A and NFC | Yes | Yes | Water- and dust-resistant | Google Chrome, FIDO-compliant apps | Windows, macOS, Linux, iOS, Android |
Thetis Fido U2F Security Key | $27 | USB-A | No | No | N/A | U2F services | Windows, macOS, Linux |
Yubico YubiKey 5 Nano | $60 | USB-A | No | No | IP68 water- and dust-resistant | U2F and FIDO2 services | Windows, macOS, Linux |
Yubico Security Key C NFC | $29 | USB-C and NFC | Yes | Yes | IP68 water- and dust-resistant | FIDO-enabled services | Windows, Android, iOS |
Kensington Verimark Fingerprint Key | $22 | USB-A | No | No | N/A | Google, Dropbox, GitHub, and Facebook | Windows |
Nitrokey 3C NFC | $59 | NFC, USB-C | Yes | No | N/A | Various | Windows, macOS, Linux, BSD, Android, iOS |
Google Titan security key | $30 | USB-C, NFC, and Bluetooth | Yes | Yes | No official IP rating | FIDO, Google Chrome services, various apps | Windows, macOS, Android, Google Chome compatible devices |
Note: Prices and compatibility information may vary based on location and specific devices. This table is based on the information provided in the given descriptions and is subject to change.
What's the right security key for you?
It all boils down to which features you prioritize and your budget. Since having two security keys is recommended for added security, with one in use and the other as a backup, choosing a more affordable option could be cost-effective.
However, investing in a higher-end brand may be wise if you already use security keys or anticipate frequent use.
Choose this security key… | If you want… |
Yubico YubiKey 5 NFC | The best security key out there with broad versatility and compatibility. This FIDO-certified key is an excellent all-rounder with multi-platform compatibility. |
Thetis Fido U2F Security Key | A cheap, no-frills, tough USB-A security key. Despite its rather stylish design, it does not have many advanced features. |
Yubico YubiKey 5 Nano | A high-quality, extremely small security key. This key is a great option if you want a security solution you can take with you on your travels. |
Yubico Security Key C NFC | The best value key for business, considering its compatibility with services including AWS, Okta, Google accounts, Apple iCloud, Microsoft, and Cloudflare. |
Kensington Verimark Fingerprint Key | A simple USB-A security key with built-in biometrics. This key is discreet, compact, and user-friendly, although it has limited compatibility. |
Nitrokey 3C | Open source technologies, expansive security features, and protocol support. |
Google Titan security key | An affordable, multi-platform key suitable for Chrome-supporting services, Android, and iOS apps that can store up to 250 passkeys. |
Factors to consider when choosing a security key
While you're deciding what security key is right for you, consider the following factors:
- Service compatibility: Ensure that the key you're interested in is compatible with your main services, such as your email provider or business tools and platforms.
- One, or two?: We recommend that you purchase a key and a backup. You can often buy two packs of security keys, but in some cases, you may have to spend more.
- Security standards: Security keys should adhere to modern security standards such as FIDO2. Check that your choice meets these standards to ensure you receive the best protection possible.
- Connectivity: Hardware-based security keys use different forms of connectivity, and so you should consider what type works best for you, whether USB-based, Bluetooth, or NFC.
How were these security keys chosen?
Extensive research has been conducted on every security key that is listed here across a wide range of devices and services. In some cases, this includes testing the keys on different operating systems, web browsers, and services to ensure they work smoothly and efficiently.
It was also important to analyze the feedback left by other users who have purchased and used these keys over a period of time. This has helped to determine the long-term reliability of each key and to identify any potential compatibility issues that users might encounter.
Our main criteria for selecting these security keys are:
- Ease of use: There is often a learning curve associated with adopting a new security mechanism or gadget. We wanted to ensure that the next security key you buy is as close to seamless as possible, with easy setup and reasonable compatibility with devices and online services.
- Durability: As a physical device securing the keys to your digital kingdom, it is crucial that the products we recommend won't easily break. After all, they should be reliable enough to be a long-term security measure.
- Security features: Naturally, the security features of a security key are paramount. We considered each device's support for different authentication protocols alongside security measures including passwordless authentication.
- Price point: The cost of your next security key is an important factor to consider. As they are physical, we recommend that you pick up two, just in case one ends up lost. As a result, we wanted to ensure this was affordable.
What are security keys and how do they work?
A security key is a physical device that generates a unique code used with a password to authenticate your identity when logging into a website or application. It uses public-key cryptography and is more secure than traditional 2FA methods.
What does FIDO mean?
The FIDO Alliance consortium has developed open standards for authentication protocols. The authentication standard is based on public key cryptography.
Devices that are FIDO certified allow users to quickly sign into their accounts using physical keys or biometric passkeys, and have also achieved FIDO protection and security standards.
Why are security keys better than SMS-based 2FA?
SMS is open to SIM hijacking, while a physical key cannot be copied or the data intercepted. Think about it this way: 2FA verification codes sent via SMS messaging may be intercepted if your smartphone has been infected with malware, including spyware, but unless an attacker has your physical security key in their hand, they cannot grab the code required to access your account.
How many security keys do I need?
We recommend purchasing at least two -- one that you use day-to-day and one to keep as a backup. For example, you can keep one in your home office or attached to a keychain if you're on the road, while one is stashed safely away to cover you if you lose your primary key.
How reliable are security keys?
Very reliable. I've been using them for years as a Google Advanced Protection Program member, and I've never had an issue. I wasn't pleased when I was first assigned to the program when I was required to buy my first security key, but now I wouldn't be without one.
Can security keys be hacked?
Security keys are one of the best authentication methods on the market today and they have very little exploitable attack surface, making them difficult to 'hack' in any way. While there are cases of keys being cloned for academic purposes, as security keys are not constantly connected to the Internet, you don't have to worry about the most common attack vectors having any impact on them. Just keep your key in a safe place.
Are there alternative security keys worth considering?
Here are alternatives on the market that could be worth investigating if none of our top recommendations appeal to you. It's not possible to showcase every single worthy security key product on the market, so other options we like the look of are below:
