Being sensible when it comes to passwords is important, and a crucial step to securing your online life. However, some of your online accounts — for example, your Google Account or Dropbox — might be so important and contain such a wealth of information that you might want to take additional steps to protect it.
And there’s no better way to secure your online accounts than to use hardware-based two-factor authentication (2FA). Security keys are easy to use, put an end to phishing attacks, cheap, and are less hassle and much more secure than SMS-based two-factor authentication. And the good news these days is that you can get security keys in a variety of formats, from USB-A and USB-C, Lightning for iPhone users, and even keys that use Bluetooth.
So, let’s take a look at the best security keys currently available.
Disclosure: ZDNet may earn an affiliate commission from some of the products featured on this page. ZDNet and the author were not compensated for this independent review.
Probably the best all-round security key
Brings together the ubiquity of USB-A with the versatility of wireless NFC, which gives it broad compatibility across a wide range of devices. The FIDO certification means it works with Google Chrome and any FIDO-compliant application on Windows, Mac OS or Linux, and the NFC makes it compatible with iOS and Android devices.
The YubiKey 5 NFC is FIDO certified and works with Google Chrome and any FIDO-compliant application on Windows, Mac OS or Linux. Secure your login and protect your Gmail, Facebook, Dropbox, Outlook, LastPass, Dashlane, 1Password, accounts, and more.
YubiKey USB authenticator includes NFC and has multi-protocol support including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, and Challenge-Response capability to give you strong hardware-based authentication.
$45 at Amazon
Good choice for Mac users
This is a 2FA security key built around a USB-C plug. If you’re using mostly Macs or modern laptops and desktops, this is a great choice. Also a good choice for those using Android devices.
The YubiKey 5C is FIDO certified and works with Google Chrome and any FIDO-compliant application on Windows, Mac OS or Linux. Secure your login and protect your Gmail, Facebook, Dropbox, Outlook, LastPass, Dashlane, 1Password, accounts, and more.
The YubiKey USB authenticator has multi-protocol support including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, and Challenge-Response capability to give you strong hardware-based authentication.
$50 at Amazon
Tiny security key is tiny!
The tiniest YubiKey available! No bigger than a fingernail, and it fits discreetly into a USB-A port.
The YubiKey 5 Nano is FIDO certified and works with Google Chrome and any FIDO-compliant application on Windows, Mac OS or Linux. Secure your login and protect your Gmail, Facebook, Dropbox, Outlook, LastPass, Dashlane, 1Password, accounts, and more.
The YubiKey USB authenticator has multi-protocol support including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, and Challenge-Response capability to give you strong hardware-based authentication.
$50 at Amazon
Security key with built-in PIN code keypad
OnlyKey is the world’s first plug-and-play encryption device that stores all of your accounts securely offline. Unlike smartcards that are susceptible to a keylogger stealing the user’s PIN, this PIN is securely entered on the device itself. OnlyKey has multi-color alerts that turn green if you’ve entered the correct PIN, red if you’ve entered the wrong one, and blue for FIDO2 / U2F authentication.
Extremely durable, waterproof, and tamper resistant design allows you to take your OnlyKey with you everywhere.
The PIN used to protect the OnlyKey, which means that, if this device is stolen, data remains secure, and after 10 failed attempts to unlock all data is securely erased.
Works with all websites including Twitter, Facebook, GitHub, and Google. Onlykey supports multiple methods of two-factor authentication including FIDO2 / U2F, Yubico OTP, TOTP, and Challenge-response.
$46 at Amazon
A security key that looks like a flash drive
FIDO2 key is backward-compatible with U2F protocol and works with the newest Chrome browser with operating systems such as Windows, MacOS, or Linux. U2F can be supported and protected on all websites that follow U2F protocols.
Designed with a 360° rotating metal cover that shields the USB connector when not in use. Also, crafted from a durable aluminum alloy to protect the Key from drops, bumps, and scratches.
A very reasonably priced security key.
$20 at Amazon
Convenience of USB-A and Bluetooth in a single package
The Thetis BLE U2F key connects to your iPhone or Android devices via Bluetooth Low Energy technology (BLE). It offers a strong two-factor authentication to your online accounts. Never lose your accounts through password theft, phishing, hacking, or keylogging scams!
The Thetis U2F key can be used on websites that support U2F protocol with the latest Chrome installed on Windows, MacOS, or Linux.
Designed with a 360-degree rotating metal cover that safely shields the USB connector when not in use. Crafted from a durable aluminum alloy to protect the key from drops, bumps, and scratches.
$29 at Amazon
Google offers a range of keys at a decent price
Titan Security Keys include special firmware engineered by Google to verify the key’s integrity and are built on FIDO open standards, so you can use them with many apps and services.
Google offers a range of keys:
- USB-C
- USB-A
- Bluetooth/USB/NFC
They are good quality, although I have had problems with the plastic not being as durable as some keys on the market.
$25 at Google
Convenience of using your fingerprint unlock devices
Fingerprint reader with advanced fingerprint technology combines superior biometric performance and 360-degree readability as well as anti-spoofing protection.
Login on your Windows computer using Microsoft’s built-in Windows Hello login feature with just your fingerprint. No need to remember usernames and passwords. It can be used with up to 10 different fingerprints, so multiple users can log in to the same computer.
Because the Kensington Verimark Fingerprint Key is FIDO U2F Certified, our fingerprint can protect your cloud-based accounts such as Google, Dropbox, GitHub, and Facebook with FIDO second-factor authentication.
$35 at Amazon