While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level. Password policy compliance is important, and a crucial step to securing your online life.
Some of your online accounts for example, Google Account or Dropbox, might be so important and contain such a wealth of information that you might want to take additional steps to protect them. There’s no better way to secure your online accounts than to use hardware-based two-factor authentication (2FA).
Security keys are easy to use, put an end to phishing attacks, cheap, and are less hassle and much more secure than SMS-based two-factor authentication. SMS is open to SIM hijacking, while a physical key cannot be copied or have the data intercepted.
The good news these days is that you can get security keys in a variety of formats: USB-A and USB-C, Lightning for iPhone users, and even keys that use Bluetooth. We recommend having at least two one that you use and one as a backup.
So, let’s take a look at the best security keys currently available:
YubiKey Bio $85
YubiKey Bio Series supports biometric authentication using fingerprint recognition for secure and seamless passwordless logins. It supports a range of business scenarios including privileged users, remote workforce, and mobile-restricted environments.
Designed for desktop and workstation applications, and perfect for call centers and shared workspace environments. It also secures login for cloud-first environments or cloud and on-premise hybrid environments..
- Meets the most stringent hardware security requirements with fingerprint templates stored in the secure element on the key
- Works out-of-the-box with operating systems and browsers including Windows, macOS, Chrome OS, Linux, Chrome, and Edge
- Supports FIDO2/WebAuthn, FIDO U2F
- Available in both USB-A and USB-C form factors with biometric support
The YubiKey Bio Series is FIDO and FIDO2 certified. It works with Google Chrome or any FIDO-compliant application on Windows, Mac OS or Linux and with applications that provide FIDO or FIDO2 support through Chrome, Firefox, or Edge browsers.
LastPass users please note you will need a YubiKey 5 Series key. The YubiKey Bio Series does not work with LastPass.
Key Features: Biometric, battery free, crush and water resistant, portable, and uses public and private key cryptography.
YubiKey 5C NFC $55
Now that USB-C is becoming the standard on laptops, desktops, and Android smartphones, it made sense for Yubico to bring USB-C and NFC together into a single key. YubiKeys are extremely secure and durable, being tamper, water, and crush resistant.
The YubiKey 5C NFC is FIDO-certified and works with Google Chrome and any FIDO-compliant application on Windows, Mac OS, or Linux. Secure your login and protect your Gmail, Facebook, Dropbox, Outlook, LastPass, Dashlane, 1Password, accounts, and more.
Once registered, each service will request you to insert the YubiKey PC security key into a USB-C port and tap to gain access. You also get touch-based authentication for NFC supported Android and iOS devices and applications. Just tap & go!
YubiKey USB authenticator includes NFC and has multi-protocol support including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, and Challenge-Response capability to give you strong hardware-based authentication.
Brings together the ubiquity of USB-A with the versatility of wireless NFC, which gives it broad compatibility across a wide range of devices. The FIDO certification means it works with Google Chrome and any FIDO-compliant application on Windows, MacOS, or Linux, and the NFC makes it compatible with iOS and Android devices. Secure your login and protect your Gmail, Facebook, Dropbox, Outlook, LastPass accounts and more.
The YubiKey 5 NFC is FIDO certified and works with Google Chrome and any FIDO-compliant application on Windows, MacOS, or Linux. YubiKey USB authenticator includes NFC and has multi-protocol support including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, and Challenge-Response capability to give you strong hardware-based authentication.
YubiKey 5Ci $70
Got an iPhone? This key is for you. All the goodness of a YubiKey, but this multi-protocol hardware authenticator features a dual connector for lightning and USB-C ports. Not cheap compared to the USB-C and USB-A versions with NFC, but it’s a nice touch for iPhone users. With the Lightning connector, you can protect your iOS mobile apps and account credentials with a simple touch.
The tiniest YubiKey available! No bigger than a fingernail, and it fits discreetly into a USB-A port.
The YubiKey 5 Nano is FIDO certified and works with Google Chrome and any FIDO-compliant application on Windows, MacOS, or Linux. The YubiKey USB authenticator has multi-protocol support including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, and Challenge-Response capability to give you strong hardware-based authentication.
A security key that looks like a flash drive! FIDO2 key is backward-compatible with U2F protocol and works with the newest Chrome browser with operating systems such as Windows, MacOS, or Linux. U2F can be supported and protected on all websites that follow U2F protocols.
Designed with a 360-degree rotating metal cover that shields the USB connector when not in use. It’s crafted from a durable aluminum alloy to protect the Key from drops, bumps, and scratches.
Titan Security Keys include special firmware engineered by Google to verify the key’s integrity and are built on FIDO open standards, so you can use them with many apps and services. Titan Security Keys are compatible with the Advanced Protection Program, Google’s strongest security offering. Google offers a USB-C/ NFC and USB-A/ NFC security key.
Fingerprint reader with advanced fingerprint technology combines superior biometric performance and 360-degree readability as well as anti-spoofing protection. Since the Kensington Verimark Fingerprint Key is FIDO U2F Certified, your fingerprint can protect your cloud-based accounts such as Google, Dropbox, GitHub, and Facebook with FIDO second-factor authentication.
This device works on any PC! Login on your Windows computer using Microsoft’s built-in Windows Hello login feature with just your fingerprint. No need to remember usernames and passwords. It can be used with up to 10 different fingerprints, so multiple users can log in to the same computer.
Compatible with Windows Hello, Windows 10 or later, 8 and 7. NOT compatible with Mac OS or Chrome OS. Password Manager Compatibility supports popular tools, like Dashlane, LastPass (Premium), Keeper (Premium) and Roboform, to allow the fingerprint to authenticate and automatically fill in usernames and passwords for websites.