The Best Hardware Security Keys for 2024 (2024)

Deeper Dive: Our Top Tested Picks

  • RELATED:
  • Best Password Managers
  • Best Authenticator Apps
  • Best Antivirus Apps
  • Best VPNs

The Best Hardware Security Keys for 2024 (1)

Best Overall

Yubico Security Key C NFC

5.0 Exemplary

  • Inexpensive
  • Outstanding build quality
  • Wireless NFC
  • USB-A or USC-C compatibility
  • Stores passkeys
  • Fewer authentication protocols than other Yubico devices

Biometrics

Authentication SpecificationsFIDO2, FIDO U2F, WebAuthn/CTAP

ConnectorUSB-C

Wireless SpecificationNFC

The Yubikey Security Key C NFC is our top pick for most people. It boasts excellent build quality and its USB-C connector means it works on just about every new device. It also has NFC support which lets it authenticate on mobile devices that lack a USB port.

This is our recommended security key for first-time buyers and anyone who doesn't want to pay for the bells and whistles of some other YubiKey models. It doesn't do everything; instead, it does exactly what someone new to security keys would want. It can authenticate your identity online and store up to 100 passkeys, which are accessible via Yubico's apps for desktop and mobile.

GET IT NOW

$29.00 Yubico $29.00 Amazon

Learn More

Yubico Security Key C NFC Review

The Best Hardware Security Keys for 2024 (2)

Best for Experts

Yubico YubiKey 5C NFC

4.0 Excellent

  • Supports both USB-C and NFC
  • Rugged build
  • Supports many authentication protocols
  • Expensive

Biometrics

Authentication SpecificationsFIDO U2F, FIDO2, WebAuthn/CTAP, Smart Card, HOTP/TOTP, Open PGP, Static Password, Yubico OTP

ConnectorUSB-C

Wireless SpecificationNFC

The YubiKey 5 Series has the rugged build quality of all Yubico devices, and its USB-C connector and NFC support means it works with just about every new device. Like the other YubiKey Series 5 devices, the 5C NFC does more than just MFA and passwordless login; it can function as a Smart Card, store static passwords and Open PGP keys, and more.

At $55, the YubiKey 5C NFC doesn't make sense for most people who just need to secure their online accounts or haven't used a security key before. It's a better choice for someone with very specific needs or who's savvy enough to learn how to use all its features.

GET IT NOW

$55.00 Amazon

Learn More

Yubico YubiKey 5C NFC Review

The Best Hardware Security Keys for 2024 (3)

Best for Biometric Authentication

Yubico YubiKey C Bio

4.0 Excellent

  • Biometric multi-factor authentication
  • Slim, durable design
  • Supports widely used standards
  • Easy onboarding
  • Expensive
  • No NFC
  • Lacks authentication features found in other YubiKeys

Biometrics

Authentication SpecificationsFIDO U2F, FIDO2, WebAuthn/CTAP

ConnectorUSB-C

Wireless SpecificationNone

The YubiKey C Bio combines biometric authentication with Yubico's trademark build quality. This device serves as an MFA authenticator and adds a fingerprint scanner for additional security.

What you're paying for with this device is biometric protection. Make sure that's explicitly what you want before buying. The YubiKey C Bio costs nearly twice as much as the YubiKey 5C NFC, but only supports a fraction of the authentication methods—the same, in fact, as the Security Key C NFC. It also lacks NFC, so it doesn't work with many mobile devices.

GET IT NOW

$85.00 Yubico

Learn More

Yubico YubiKey C Bio Review

The Best Hardware Security Keys for 2024 (4)

Best for Google Loyalists

Google Titan Security Key

3.5 Good

  • Available for USB-A and USB-C
  • Supports NFC
  • Stores 250 passkeys
  • Can't delete passkeys
  • Few features
  • Very little product documentation available

Biometrics

Authentication SpecificationsFIDO2

ConnectorUSB-C, USB-A

Wireless SpecificationNFC

The only MFA hardware that Google is willing to put its name on is the Google USB-C/NFC Titan Security Key. It's an MFA device that's targeted at everyday and first-time users.The sleek, rounded Titan Security Key is perfect for anyone turned off by Yubico's square-edged utilitarianism.

The Titan Security Key is affordable and, most importantly, comes with Google's endorsement. Trust is important when it comes to authenticating your login sessions, so Google's recognizable name and massive online presence may hold a lot of weight for customers

GET IT NOW

Starts at $30 Google Store

Learn More

Google Titan Security Key Review

The Best Hardware Security Keys for 2024 (5)

Best Affordable Biometric Key

Kensington VeriMark Guard USB-C Fingerprint Key

3.5 Good

  • Works with most popular multifactor standards
  • Integrated, optional, fingerprint sensor
  • Small, well-built design
  • Confusing onboarding
  • No NFC
  • Doesn't indicate when biometrics are in use
  • Biometrics not widely supported

Biometrics

Authentication SpecificationsFIDO U2F, FIDO2, WebAuthn/CTAP

ConnectorUSB-C

Wireless SpecificationNone

It's a tiny biometric security key with a long name! The Kensington VeriMark Guard USB-C Fingerprint Key has fingerprint authentication capabilities and is easy to use for passwordless authentication. The key is small enough to stay plugged into your device all the time, which may be a plus for some people.

If you're seeking a diminutive, reliable, and well-made security key, the VeriMark Guard Fingerprint Key is right for you. It costs significantly less than the biometric YubiKeys, making biometric MFA a little more accessible. Be advised that setting up this device is rather tricky, though.

GET IT NOW

$69.99 Kensington

Learn More

Kensington VeriMark Guard USB-C Fingerprint Key Review

The Best Hardware Security Keys for 2024 (6)

Best Open-Source Security Key

Nitrokey FIDO2

3.5 Good

  • Open-source hardware and firmware
  • Affordable
  • Supports latest multifactor authentication standards
  • Durable and portable
  • No NFC support
  • Bulky
  • Lacks encryption features found in other Nitrokey devices

Biometrics

Authentication SpecificationsFIDO2, WebAuthn/CTAP, FIDO U2F

ConnectorUSB-A

Wireless SpecificationNone

The Nitrokey FIDO2 does everything Yubico's entry-level key does, but Nitrokey does it using only open-source hardware and firmware. The company touts the device's updatable firmware as a selling point (though whether it's a good thing or a risk is open for debate). We like how affordable the Nitrokey FIDO2 is, but we still prefer the design and build quality of the Security Key C NFC.

Nitrokey's biggest selling points are updatable firmware and open-source hardware and firmware. If either of those appeals to you, then this key is a good choice. It also has a very affordable price that will surely entice first-time buyers.

GET IT NOW

Visit Site Nitrokey

Learn More

Nitrokey FIDO2 Review

Buying Guide: The Best Hardware Security Keys for 2024

How Do You Use a Security Key?

While they can take many forms, most security keys are small, key-sized devices that uniquely identify themselves to sites and services. Your possession of the key is a way for the online account to prove that you are who you say you are, in addition to verifying your username and password. To use a security key, you first have to enroll it with each site or service you want to protect. Support for security keys is increasing, but don't be surprised if they're not accepted at every site you try.

Enrolling a key is slightly different for each key and online account, but it usually goes something like this: Somewhere in the online account's settings is an option to enroll a security key. Click it, insert the key, tap the key's button when prompted, and give the key's record a name so you know what it is. Some sites and services limit you to just one key, while others allow or even require more than one. Many sites require you to enable an alternate form of MFA or generate one-time use security codes to act as backups to your key.

The next time you go to log in, you're prompted to present your security key after entering your username and password for an account. You connect the key through some kind of data transfer connection—typically USB-A or USB-C—and then press a button on the device to verify you're a real person and not a clever malware attack impersonating a key. If both the password and the key check out, you log in as normal.

Some hardware keys include wireless communication capabilities, usually through near-field communication (NFC), to interact with mobile devices. Other keys have biometric authentication for an added layer of protection.

Which Hardware Security Key Is Best for You?

The first thing to look at when choosing a security key is how the key literally fits with the rest of your devices. If you don't have any devices with USB-C, you should stick to keys with a USB-A connector. If you intend on using your key with mobile devices (and you should), select a key with either a connector that fits your phone or NFC if your phone supports NFC.

Consider any budget restrictions, too. The most expensive keys we've reviewed cost up to $95. If you're new to hardware security keys, we strongly recommend starting with a less expensive key and upgrading later. The Security Key C NFC from Yubico and the Google Titan Security Key work well for basic MFA and offer NFC for mobile devices. Either is great for first-time buyers.

Most security keys just authenticate you, and that's enough. But some go further with additional features. Kensington has a line of biometric keys that require the correct fingerprint to authenticate you. High-end YubiKeys have numerous additional features: the ability to play back a static password, working with a desktop or mobile app to provide app-generated passcodes, supporting PGP key management, and offering their own form of one-time passcodes.

Other keys may have niche features or design perks that appeal to particular audiences. For example, NitroKeys uses open-source code and hardware, making them strong choices for the privacy-conscious consumer. In another example, Yubico and NitroKey target very different audiences, since the former blocks firmware changes on its devices to protect them from tampering, while the latter celebrates its updatable firmware.

What Is Multi-Factor Authentication?

Multi-factor authentication, sometimes called MFA, two-factor authentication, or 2FA, allows you to verify your identity using more than one kind of authentication. You should authenticate your login using at least two of these factors:

  • Something you know

  • Something you have

  • Something you are

Something you know is typically a password. It lives in your head and is ideally known only to you. Something you have could be a security key such as those we've listed here, an authenticator app on your phone, or a code sent via SMS to your phone. It's something not easy for a stranger to access or obtain. Finally, something you are is a physical characteristic that can be read with a biometric scan, such as a fingerprint or your face.

The Best Hardware Security Keys for 2024 (7)

The Best Hardware Security Keys for 2024 (8) What Is Two-Factor Authentication?

It's pretty unlikely that an attacker will have access to more than one of these forms of authentication, making it harder for bad guys to take over your accounts. It's been proven in the real world, too. When Google required employees to use hardware MFA keys, account takeovers effectively vanished.

Remember that MFA of any kind can't protect against all the dangers the modern world presents. We strongly recommend using antivirus software as well as a password manager to create unique and complex passwords for each site and service you use.

How Do Hardware Security Keys Work?

The most widespread means of hardware security key authentication is based on the standards from the FIDO Alliance. All these standards do fundamentally the same thing: They use asymmetric cryptography to authenticate you to a site or service.

Each device can generate any number of public keys from its private key without exposing the private key. That allows a single hardware key to be used for multiple sites and services, but most importantly, it means a failure or change at any one site or service won't affect the other. You can easily remove and enroll your hardware key as many times as you like.

When shopping for a hardware security key, look for at least FIDO U2F certification because it means the key works in just about every basic security key context. FIDO2/WebAuthn are the next-generation standards that support additional types of authentication. If you want to use a device for biometric MFA or passwordless login, you need FIDO2/WebAuthn.

Are Security Keys Safe?

So what happens if your key is stolen or lost? In the theft scenario, it's unlikely someone would have the means to track down an individual user and steal their security key. Most cybercrime is committed en masse, with thousands or millions of compromised accounts. One security key isn't worth the effort.

That said, a determined attacker could use a stolen key to access your accounts. That's why you should keep your key safe, but also to use strong passwords secured in a password manager. If the thief gets the key but can't crack your password, they're still not getting in.

Recommended by Our Editors

How to Protect Your Online Accounts With a Physical Security Key

The Best Authenticator Apps for 2024

12 Simple Things You Can Do to Be More Secure Online

It's far more likely that you lose your key, and that can be a real problem. Yubico recommends enrolling a second key and storing it as a secure backup. Many services that support security keys also allow (and some require) you to enroll multiple MFA factors, so you could set up an authenticator app as a backup MFA option and use that if you don't have your key.

Services often let you generate backup codes you can write down offline or store in a password manager. These codes grant you access in emergencies. If none of that works, find a device where you are still logged in and unenroll the key or add a new MFA factor you do have. The bottom line is that losing your security key is not the end of the world.

Passkeys vs. Security Keys

Passkeys are a secure authentication system that may one day replace passwords. Several major players have thrown their weight behind this technology, making it far more likely to catch on than any other previous effort to replace passwords. Apple, Google, and Microsoft have all added support for passkeys to their platforms, so you're likely to start seeing them appear as an option soon. If you want to try out passkeys, look at our instructions on how to use passkeys with your Google account or your Apple account.

A super-secure authentication scheme might sound like a death knell for security keys, but not so! Some security keys can store passkeys, keeping them safe and separate from your phone or computer. We tested the Security Key C NFC and YubiKey Series 5 key which can both store passkeys.

However, the number of passkeys on a security key may be limited. Yubico's documentation says that the company's devices can hold only 25 passkeys per security key.

The Key to Better Online Security

Hardware security keys are the best, most secure method of MFA. We highly recommend them. But for some, the idea of paying for a key or having to fetch it for every login is too much bother, and that's just fine. What's most important is that you find an MFA scheme that works for you and that you use it.

Max Eddy contributed to this article.

The Best Hardware Security Keys for 2024 (2024)

FAQs

What is the best hardware security key? ›

Best Overall Security Key

The Yubikey Security Key C NFC is our top pick for most people. It features excellent build quality, and its USB-C connector means it works on just about every new device. It also has NFC support, which lets it authenticate on mobile devices that lack a USB port.

Is YubiKey worth it in 2024? ›

Yubico Yubikey 5C

While it's not the most affordable security key on this list, coming in at a higher price than Yubico's USB-A and NFC-equipped version, this USB-C security key is essential for owners of Android devices. The 5C is compatible with various standards – including FIDO U2F, OTP, Smart Card, and OpenPGP.

Which is better, YubiKey or Google Titan? ›

Google Titan and the Yubico Security Key and YubiKey 5 series are solid options for improving the security of your online accounts. For users who only require basic functionality, we recommend Google Titan. For those who want a more advanced device, the YubiKey series is recommended.

How many security keys should I have? ›

Before setting up your key, learn how to ensure that you don't get locked out of your account. The easiest option is to have at least one backup security key to use in case you lose your main one, and to register your main key and backup key at the same time.

Why is YubiKey so expensive? ›

It is costly to design, mould, manufacture, sell and support a hardware product, even something as small as this. Since you don't want your 2FA company to go out of business there is good value in knowing they have a stable business model that can actually support a company rather than just burning capital.

What is the most secure key? ›

The best security keys you can buy: Expert tested
  • Yubico YubiKey 5 NFC | Best security key overall. ...
  • Thetis Fido U2F Security Key | Best security key for durability. ...
  • Yubico YubiKey 5 Nano | Best security key for travel. ...
  • Yubico Security Key C NFC | Best security key for businesses.
Jun 11, 2024

What are the downsides of YubiKey? ›

Loss or Damage: Misplacing or damaging YubiKey can lead to losing access to online accounts. Time-consuming Recovery: Restoring access to accounts in case of YubiKey loss or damage can be time-consuming. Risk of Loss or Theft: Due to its small physical size, losing or having YubiKey stolen can pose a security risk.

How long will a YubiKey last? ›

A Yubikey will essentially last forever, and if you stay clear of the insanity that is Passkeys its Webauthn element can support an infinite number of websites. Portability: I have a smartphone, a work laptop, a home laptop, and a home desktop. My Yubikey has USB and NFC, so it can trivially be used with all of them.

How many passwords can YubiKey hold? ›

OATH-TOTP - the YubiKey 5's OATH application can hold up to 32 OATH-TOTP credentials (AKA authenticator codes). OTP - this application can hold two credentials, can be registered with an unlimited number of services. The OTP application comes with: Yubico OTP.

Which password manager works best with YubiKey? ›

Password Safe is a password database utility that stores your passwords in an encrypted file, allowing you to remember only one password instead of all the username/password combinations that you use. Password Safe uses YubiKey's HMAC-SHA1 challenge response mode.

How many times can a YubiKey be used? ›

A YubiKey supports an unlimited number of accounts with both WebAuthn and U2F protocols. If you're using your hardware key for TOTP, you can only hold 32 accounts.

Is it safe to keep YubiKey plugged in? ›

Leaving it plugged in could result in the yubikey being lost or damaged.

Can YubiKey be compromised? ›

Yubico says, “If a user runs the YubiKey Manager GUI as Administrator, browser windows opened by the YubiKey Manager GUI may be opened as Administrator, which could be exploited by a local attacker to perform actions as Administrator.” If this sounds worrying that's because it is.

What happens if you lose YubiKey? ›

So, what happens if you lose your YubiKey? In that case, you can still use your Authenticator app (phew!). While you can't create a backup YubiKey, you can always contact Yubico to get a replacement key.

What is the difference between YubiKey 5 and security key? ›

The Security Key Series differs from a YubiKey 5 Series in that it comes only with the FIDO (FIDO2/FIDO U2F) protocol and the non-Enterprise Edition does not have a serial number. It is only available in USB-A + NFC and USB-C + NFC form factors.

What is the hardware security key in Roblox? ›

Your security key can be a physical key like Yubikey 5, Google Titan Security Key, or it can be a biometric method managed by your device hardware like facial recognition or fingerprint scanner. Your security key option will vary depending on what browser, operating system, and device you're logging in from.

What is difference between YubiKey 5 and security key? ›

The Security Key Series differs from a YubiKey 5 Series in that it comes only with the FIDO (FIDO2/FIDO U2F) protocol and the non-Enterprise Edition does not have a serial number. It is only available in USB-A + NFC and USB-C + NFC form factors.

What is the most common network security key? ›

The most common types of network security keys are Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA/WPA2) .

Is it worth getting a security key? ›

As good as smartphone-based two-factor authentication is, it's not infallible so those seeking a higher level of security often consider using hardware security keys instead. A couple of advantages of using security keys are they use very strong encryption and require no cellular or Internet connection to work.

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Gregorio Kreiger

Last Updated:

Views: 5499

Rating: 4.7 / 5 (57 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Gregorio Kreiger

Birthday: 1994-12-18

Address: 89212 Tracey Ramp, Sunside, MT 08453-0951

Phone: +9014805370218

Job: Customer Designer

Hobby: Mountain biking, Orienteering, Hiking, Sewing, Backpacking, Mushroom hunting, Backpacking

Introduction: My name is Gregorio Kreiger, I am a tender, brainy, enthusiastic, combative, agreeable, gentle, gentle person who loves writing and wants to share my knowledge and understanding with you.