'ZDNET Recommends': What exactly does it mean?
ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
Securing your online accounts with a password and username combination is no longer enough.
With data breaches occurring on a daily basis, online service providers began to consider alternative means of securing accounts. So, two-factor authentication (2FA) methods have become widely adopted and include verification codes sent to email addresses or mobile devices -- and in some cases, a physical key is required.
There is no better option than utilizing hardware-based two-factor authentication security keys. While practising good password hygiene is crucial in protecting your digital life, certain online accounts -- such as your Google or Dropbox accounts -- may contain a significant amount of sensitive information that warrants additional measures.
For example, if you are a member of Google's Advanced Protection Program, the company requires you to link a physical security key to your account.
Security keys offer an added layer of security that keeps hackers from accessing your accounts. Even if a hacker has obtained your username and password, or has even compromised your mobile device, they will still be unable to access your data without the key in hand.
Also: What are the best home security systems and do they require Wi-Fi?
Not only are security keys affordable and user-friendly, but they also prevent phishing attacks and are significantly more secure than SMS-based two-factor authentication. Additionally, security keys come in various formats, making them compatible with many devices you own.
Let's take a look at the best security keys currently available and our recommendations for the best security keys in 2023.
Yubico YubiKey 5 NFC features: USB-A and NFC compatibility | Compact design | No battery required | Water, dust, and tamper-resistant | FIDO certified | Multi-protocol support | Compatible with iOS and Android mobile devices through NFC
The YubiKey 5 NFC combines the ubiquity of USB-A with the versatility of wireless NFC, enabling broad compatibility with a wide range of devices.
It is FIDO certified, allowing it to work with Google Chrome and any FIDO-compliant application on Windows, macOS, or Linux. In addition, its NFC capability makes it compatible with iOS and Android mobile devices.
The YubiKey USB authenticator is equipped with multi-protocol support, including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, smart card (PIV), OpenPGP, and challenge-response capabilities, providing strong hardware-based authentication. Being also dust, water, and tamper-proof, this key is a great all-rounder for your security needs.
Feitian ePass K9 USB Security Key features: FIDO2 + FIDO U2F certified | No drivers needed for browser use | Supports USB-A and NFC | Protects against phishing and cyber attacks| Robust and reliable
The Feitian ePass K9 is an entry-level key that should provide the basic features you need to lock your devices and services. The key supports desktops and laptops via USB-A, and supports Android smartphones and iPhones via NFC. However, keep in mind that there is no USB-C support.
Note that although iOS and iPhone are not mentioned in the specifications for this key, ZDNET's Adrian Kingsley-Hughes has tested it and can confirm that it works using NFC without any problems.
Priced at $25, this is a perfect security key for beginners. Since two keys are recommended for added security, you can purchase two for $50. The Feitian ePass K9 USB Security Key offers all the features expected from a security key at an affordable price.
Yubico Security Key C NFC features: FIDO certified, FIDO2/U2F compatible | USB-C | NFC connectivity | Suitable for Android, Windows 10 and iOS devices and apps | Defends against phishing and account takeovers
An alternative Yubico security key is the C NFC model. The USB-C key is best suited for businesses that want to implement physical 2FA procedures without spending a fortune.
The key is compatible with Android, Windows 10, and iOS devices, alongside services including AWS, Okta, Google accounts, Apple iCloud, Microsoft, and Cloudflare, among others.
These "tap and go" models do not support the Yubico Authenticator app. Instead, they have been designed for affordability and rapid security checks via USB-C, NFC, and FIDO protocols (a 5 series is best suited if you want more extensive features).
The company also offers a Yubico subscription to businesses that want to provide their teams with keys.
Thetis Fido U2F Security Key features: Tough and durable alloy shell | 360-degree design with rotating aluminum alloy cover | Looks like a USB flash drive | FIDO2 key is backwards-compatible with U2F protocol | Compatible with latest Chrome browser on Windows, MacOS, and Linux
The FIDO2 key is backwards-compatible with the U2F protocol and functions with the latest Chrome browser on operating systems such as Windows, MacOS, or Linux. All websites that comply with U2F protocols can support and protect U2F.
The key is designed with a 360-degree rotating metal cover that shields the USB connector when not in use. It is also made from a durable aluminum alloy to safeguard it against drops, bumps, and scratches.
Overall, this USB-A security key is reasonably priced. However, there are no advanced features such as a fingerprint reader, and you will want to buy more than one.
Feitian MultiPass K16 and USB ePass K9 Security Keys features: FIDO U2F certified security key | NFC interface for mobile phones and contactless readers | BLE for compatible mobile devices (MultiPass FIDO only) | Suitable for services requiring two security keys
The Feitian MultiPass K16 and USB ePass K9 Security Keys are a twin pack of keys with different capabilities. One key provides USB-A and NFC support, while the other key provides Bluetooth connectivity.
Together, they offer coverage for a wide range of platforms and devices. You may want to consider this affordable bundle if you are part of a protection plan, for example, or if you need different features to secure various online accounts.
Not to be confused with Google Titan, despite the similar design, this key pack is FIDO-compliant and also helps protect your accounts from phishing.
Kensington Verimark Fingerprint Key features: Built-in biometrics for added security | Compatible with Windows Hello login feature | Compact and unobtrusive design | Stores up to 10 different fingerprints | FIDO U2F certified for cloud-based account security
The Kensington Verimark Fingerprint Key utilizes advanced biometric technology, offering excellent performance and 360-degree readability, as well as anti-spoofing protection.
With Microsoft's built-in Windows Hello login feature, logging into your Windows computer using just your fingerprint is possible. Users can store up to 10 different fingerprints, allowing multiple individuals to access the same computer without remembering different sets of usernames or passwords.
The Kensington Verimark Fingerprint Key is FIDO U2F certified, meaning your fingerprint can be used as a second-factor authentication to secure cloud-based accounts such as Google, Dropbox, GitHub, and Facebook.
However, you may need to download additional drivers from Kensington's website for different Windows operating systems.
At the moment, the key is on sale for $24, a discount of around $20 or 46%.
As someone who has tested several security keys over the years, I believe that the Yubico YubiKey 5 NFC is the best security key available on the market today. It offers unbeatable security and convenience, making it a worthwhile investment for anyone looking to safeguard their online accounts.
|Security key||Price||Connector Type||NFC Support||Bluetooth Support||Waterproofing||Supported Services||Compatible Devices|
|Yubico YubiKey 5 NFC||$50||USB-A and NFC||Yes||Yes||Water- and dust-resistant||Google Chrome, FIDO-compliant apps||Windows, macOS, Linux, iOS, Android|
|Feitian ePass K9 USB Security Key||$25||USB-A and NFC||Yes||No||N/A||U2F and FIDO2 services||Windows, macOS, Linux, Android|
|Yubico Security Key C NFC||$29||USB-C and NFC||Yes||Yes||IP68 water- and dust-resistant||FIDO-enabled services||Windows, Android, iOS|
|Thetis Fido U2F Security Key||$25||USB-A||No||No||N/A||U2F services||Windows, macOS, Linux|
|Feitian MultiPass K16, USB ePass K9||$50||USB-A, NFC, and Bluetooth||Yes (MultiPass K16 only)||Yes (MultiPass K16 only)||N/A||U2F and FIDO2 services||Windows, macOS, Linux, Android|
|Kensington Verimark Fingerprint Key||$24||USB-A||No||No||N/A||Google, Dropbox, GitHub, and Facebook||Windows|
Note: Prices and compatibility information may vary based on location and specific devices. This table is based on the information provided in the given descriptions and is subject to change.
It all boils down to which features you prioritize and your budget. Since having two security keys is recommended for added security, with one in use and the other as a backup, choosing a more affordable option could be cost-effective.
However, investing in a higher-end brand may be a wise decision if you already use security keys or anticipate frequent use.
Choose this security key…
If you want…
Yubico YubiKey 5 NFC
The best security key out there with broad versatility and compatibility
Feitian ePass K9 USB Security Key
A cheap, yet quality security key
Yubico Security Key C NFC
The best value key for business
Thetis Fido U2F Security Key
A cheap, no-frills, tough USB-A security key
Feitian MultiPass K16 and USB ePass K9 Security Keys
A two-key bundle with USB-A, NFC, and Bluetooth support
Kensington Verimark Fingerprint Key
A simple, discreet USB-A security key with built-in biometrics
Extensive research has been conducted on every security key that is listed here, across a wide range of devices and services. Factors such as ease of use, durability, compatibility, and security features have been taken into account. In some cases, this includes testing the keys on different operating systems, web browsers, and services to ensure they work smoothly and efficiently.
It was also important to analyze the feedback left by other users who have purchased and used these keys over a period of time. This has helped to determine the long-term reliability of each key and to identify any potential compatibility issues that users might encounter.
A security key is a physical device that generates a unique code used with a password to authenticate your identity when logging into a website or application. It uses public-key cryptography and is more secure than traditional 2FA methods.
The FIDO Alliance consortium has developed open standards for authentication protocols. The authentication standard is based on public key cryptography.
Devices that are FIDO certified allow users to quickly sign into their accounts using physical keys or biometric passkeys, and have also achieved FIDO protection and security standards.
SMS is open to SIM hijacking, while a physical key cannot be copied or the data intercepted. Think about it this way: 2FA verification codes sent via SMS messaging may be intercepted if your smartphone has been infected with malware, including spyware, but unless an attacker has your physical security key in their hand, they cannot grab the code required to access your account.
I recommend having at least two -- one that you use day-to-day, and one to keep as a backup. Personally, I keep one with me in my office or attached to my keychain if I'm travelling abroad, while another is stashed safely away.
Very reliable. I've been using them for years as a Google Advanced Protection Program member, and I've never had one break in use. I wasn't best pleased when I was first assigned to the program and I was required to buy my first Yubico key, but now, I wouldn't be without one.
Here are a few alternatives on the market that could be worth investigating if none of our top recommendations appeals to you. We aren't able to showcase every single worthy security key product on the market, so other options we like the look of are below:
The TrustKey T110 utlizes FIDO2 and U2F authentication with T110 and is compatible across all major browsers.
This security key supports all FIDO-compliant applications on Windows, macOS or Linux.
The YubiKey 5C Nano is a great option if you want a discreet USB-C key to connect to your laptop.