Why you can trust ZDNet
Our recommendations are based on many hours of testing, research, and comparison shopping. We may earn a commission when you purchase a product through our links. This helps support our work but does not influence what we write about or the price you pay. Our editors thoroughly review and fact check every article. Our process

‘ZDNet Recommends’ What exactly does that mean?

ZDNet’s recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.

When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNet nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.

ZDNet's editorial team writes on behalf of YOU, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form

Close

Best security key 2022: Protect your online accounts

While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.

Being sensible when it comes to passwords is important, and a crucial step to securing your online life.

However, some of your online accounts -- for example, your Google Account or Dropbox -- might be so important and contain such a wealth of information that you might want to take additional steps to protect them. There's no better way to secure your online accounts than to use hardware-based two-factor authentication (2FA). 

Security keys are easy to use, put an end to phishing attacks, cheap, and are less hassle and much more secure than SMS-based two-factor authentication. And the good news these days is that you can get security keys in a variety of formats: USB-A and USB-C, Lightning for iPhone users, and even keys that use Bluetooth.

So, let's take a look at the best security keys currently available.

YubiKey Bio

Biometric authentication built right into a security key

ykbio-c-a-macbook-windows-1.jpg

The YubiKey Bio features biometric authentication built right into a security key! It uses a three-chip architecture that stores the biometric fingerprint in a separate secure element, offering protection from physical attacks.

This, according to Yubico, allows the YubiKey Bio to "act as a single, trusted hardware-backed root of trust which allows the user to authenticate with the same key across multiple desktop devices, operating systems, and applications."

For when biometrics are not supported, users can enter a PIN entered during the initial setup.

The YubiKey Bio supports FIDO2/WebAuthn, U2F and comes in USB-A and USB-C form factors.

YubiKey 5C NFC

All-rounder for the modern system

security-key-1.jpg

Now that USB-C is becoming the standard on laptops, desktops, and Android smartphones, it made sense for Yubico to bring USB-C and NFC together into a single key. 

The YubiKey 5C NFC is FIDO-certified and works with Google Chrome and any FIDO-compliant application on Windows, Mac OS, or Linux. Secure your login and protect your Gmail, Facebook, Dropbox, Outlook, LastPass, Dashlane, 1Password, accounts, and more.

YubiKey USB authenticator includes NFC and has multi-protocol support including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, and Challenge-Response capability to give you strong hardware-based authentication.

Yubico YubiKey 5 NFC

Probably the best all-round security key

security-key-2.jpg

Brings together the ubiquity of USB-A with the versatility of wireless NFC, which gives it broad compatibility across a wide range of devices. The FIDO certification means it works with Google Chrome and any FIDO-compliant application on Windows, MacOS, or Linux, and the NFC makes it compatible with iOS and Android devices.

The YubiKey 5 NFC is FIDO certified and works with Google Chrome and any FIDO-compliant application on Windows, MacOS, or Linux. YubiKey USB authenticator includes NFC and has multi-protocol support including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, and Challenge-Response capability to give you strong hardware-based authentication.

YubiKey 5Ci

USB-C one side, iPhone Lightning on the other

security-key-8.jpg

Got an iPhone? This key is for you. All the goodness of a YubiKey, but with the convenience of a Lightning connector.Not cheap compared to the USB-C and USB-A versions with NFC, but it's a nice touch for iPhone users.

Yubico Yubikey 5C

Good choice for Mac users

security-key-3.jpg

This is a 2FA security key built around a USB-C plug. If you're using mostly Macs or modern laptops and desktops, this is a great choice. Also a good choice for those using Android devices. 

The YubiKey 5C is FIDO certified and works with Google Chrome and any FIDO-compliant application on Windows, MacOS, or Linux. The YubiKey USB authenticator has multi-protocol support including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, and Challenge-Response capability to give you strong hardware-based authentication.

Yubico YubiKey 5 Nano

Tiny security key is tiny!

security-key-4.jpg

The tiniest YubiKey available! No bigger than a fingernail, and it fits discreetly into a USB-A port.

The YubiKey 5 Nano is FIDO certified and works with Google Chrome and any FIDO-compliant application on Windows, MacOS, or Linux. The YubiKey USB authenticator has multi-protocol support including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, and Challenge-Response capability to give you strong hardware-based authentication.

Thetis Fido U2F Security Key

A security key that looks like a flash drive

security-key-6.jpg

FIDO2 key is backward-compatible with U2F protocol and works with the newest Chrome browser with operating systems such as Windows, MacOS, or Linux. U2F can be supported and protected on all websites that follow U2F protocols.

Designed with a 360-degree rotating metal cover that shields the USB connector when not in use. Also, crafted from a durable aluminum alloy to protect the Key from drops, bumps, and scratches.

A very reasonably priced security key.

Google Titan Security Keys

Google offers a range of keys at a decent price

2021-10-06-13-14-34.jpg

Titan Security Keys include special firmware engineered by Google to verify the key's integrity and are built on FIDO open standards, so you can use them with many apps and services.

Google offers a range of keys:

  • USB-C
  • USB-A

Kensington Verimark Fingerprint Key

Convenience of using your fingerprint unlock devices

security-key-7.jpg

Fingerprint reader with advanced fingerprint technology combines superior biometric performance and 360-degree readability as well as anti-spoofing protection.

Login on your Windows computer using Microsoft's built-in Windows Hello login feature with just your fingerprint. No need to remember usernames and passwords. It can be used with up to 10 different fingerprints, so multiple users can log in to the same computer.

Because the Kensington Verimark Fingerprint Key is FIDO U2F Certified, your fingerprint can protect your cloud-based accounts such as Google, Dropbox, GitHub, and Facebook with FIDO second-factor authentication.

FAQ

Why are security keys better than SMS-based 2FA?

SMS is open to SIM hijacking, while a physical key cannot be copied or the data intercepted.

How many keys do I need?

I recommend having at least two -- one that you sue, one as a backup.

Is there one security key that does everything?

This depends on your setup and use. I find that I can manage with my YubiKey 5Ci for most of the time, but I do have a USB-C and USB-A YubiKey Series 5 keys as backups. 

How reliable are security keys?

Very reliable. I've been using them for years, and I've never had one break in use (and they've been subjected to heat, water, sea water, and being roughed about a lot).

Show Comments