THE BEST HARDWARE SECURITY KEYS FOR TWO-FACTOR AUTHENTICATION

hen it comes to protecting your data, SMS-based or app-based two-factor authentication using your smartphone is more secure than depending only on passwords. But it can also be time-consuming to set up and use. Hardware-based security keys provide a fast, no-fuss way to use two-factor authentication without having to mess around with your phone. They are based on the FIDO U2F standard, a security protocol that is difficult to intercept; it was developed by Google and security company Yubico, and is now administered by the FIDO Alliance.

While Yubico helped develop the standard, it is not the only company that produces security keys, so it’s wise to shop around. A lot of what makes buying a security key tricky is first figuring out which device(s) you plan to use it with. Yubico offers different keys for devices with USB-A, USB-C, or NFC connections, while Google offers one that uses Bluetooth. You should also check out whether your apps support the U2F standard. (Yubico has a list of apps that work with its key; since most keys use the same standard, they should also work with those services.)

Unfortunately, while you can use a key to authenticate a macOS system, there is not yet a key that will get you into Windows — unless you’re fond of the Edge browser. The new FIDO2 standard, which was built to enable password-free authentication, can use Windows Hello together with Microsoft’s Edge browser to authenticate Windows, if the key supports it.

Otherwise, it’s best to go with a security key that is simple to set up, convenient to carry, and will keep your various apps safe and secure.

THE BEST SECURITY KEY FOR MOST PEOPLE: YUBIKEY 5 NFC

Yubico’s YubiKey 5 NFC — which uses both a USB-A connector and wireless NFC — is the best key for logging into your online accounts, services, macOS computers, Android devices, and the iPhone 7 and up. I’ve never had any issues using it in a USB-A port, or with a mobile device using the NFC feature. The YubiKey 5 NFC supports a plethora of security standards, including OTP, Smart Card, OpenPGP, FIDO U2F, and FIDO2.

The key itself is “made in the USA and Sweden,” and comes packaged in a simple cardboard and plastic container. It has a single, easily identifiable gold disk for you to press when you want to confirm your sign-in and includes a keyhole ring to use with a keychain so you don’t lose your valuable security key. It’s also incredibly durable, waterproof, and crush resistant. I’ve been carrying this key around in my pocket, attached to a keychain, and bouncing around inside my backpack, and it hasn’t had any noticeable damage.

Yubcio sells the individual YubiKey 5 NFC keys for $45, as part of a two-pack for $90, a 10-pack for $432, or a whole set of 50 for $2,160, if you need that many security keys for a team. It’s proven itself to work for logging into my social media and email accounts time and time again. This is definitely the best key for most users — my only complaint is that Yubico doesn’t sell a similar version for USB-C.

9VERGE SCORE

YUBICO YUBIKEY 5 NFC

Buy for $45.00 from Yubico Buy for $45.00 from Amazon

THE BEST SECURITY KEY FOR USB-C USERS: YUBIKEY 5C

Yubico also makes a USB-C compatible security key that works with the same OTP, Smart Card, OpenPGP, FIDO U2F, and the FIDO2 standards as the USB-A version, but without the NFC connectivity. Another trade-off: the YubiKey 5C costs $5 more than the NFC version, at $50 each. But if your desktop system or Android phone uses a USB-C port, this is your best option.

Unfortunately, the 5C doesn’t support iOS devices, which require a Lightning port. According to Yubico, the company is planning to release a Lightning security key sometime later this year.

The 5C key is water-resistant, but incredibly tiny and easily misplaced, so I’d recommend attaching it to a keychain.

8.5VERGE SCORE

YUBICO YUBIKEY 5C

Buy for $50.00 from Yubico Buy for $50.00 from Amazon

THE OTHER CONTENDERS

These are the other security keys that I tested alongside the USB-A and USB-C winners. Some of these keys have other connectivity options and additional functions, adding more features to an already specialized product.

For example, the Kensington VeriMark Fingerprint security key functions both as a Windows Hello fingerprint scanner and a U2F security key. However, it requires downloading a software driver to use the fingerprint feature, so it’s less user-friendly out the box and requires additional setup to use all of its capabilities.

If you’re comfortable using Bluetooth for your security key, Google’s Titan Security Key bundle comes with a standard USB-A key (along with a USB-C adapter), and a second Bluetooth-enabled key. However, the fact that the Bluetooth key needs to be charged (via a Micro USB port) can be a problem.

8VERGE SCORE

YUBICO YUBIKEY 5 NANO

GOOD STUFF

  • Small and very portable for USB-A
  • Water resistant
  • Tiny hole for keychain / lanyard

BAD STUFF

  • Not crush resistant
  • Not compatible with mobile devices
  • Connector is fully exposed to the elements
Buy for $50.00 from Yubico Buy for $50.00 from Amazon
8VERGE SCORE

THETIS FIDO U2F SECURITY KEY

GOOD STUFF

  • Aluminum alloy casing rotates 360 degrees, protecting USB connector
  • Less expensive than other keys

BAD STUFF

  • Turning mechanism is tough to move at first
  • No connectivity for mobile devices
  • Bulkier than other security keys
Buy for $19.99 from Thetis Buy for $16.95 from Amazon
7.5VERGE SCORE

GOOGLE TITAN KEY

GOOD STUFF

  • Includes two keys (one USB-A, one Bluetooth)
  • Both keys are small and can be attached to a keychain
  • Supports Google Advanced Protection / mobile devices via Bluetooth

BAD STUFF

  • Bluetooth takes some setting up
  • White paint easily chips off on the Bluetooth module
  • Requires you to use the included dongle for USB-C ports
Buy for $50.00 from Google
7.5VERGE SCORE

THETIS BLE U2F SECURITY KEY

GOOD STUFF

  • Aluminum alloy casing rotates 360 degrees, protecting USB connector
  • Bluetooth Low Energy support for use with mobile devices
  • Less expensive than Google’s Bluetooth / USB-A key

BAD STUFF

  • Bulkier than other security keys
  • Requires an app to work with mobile devices
Buy for $29.99 from Thetis Buy for $23.99 from Amazon
7VERGE SCORE

YUBIKEY 5C NANO

GOOD STUFF

  • Incredibly tiny
  • Compatible with Android devices
  • Water resistant

BAD STUFF

  • It’s so tiny that if you unplug it, you’ll probably lose it
  • No key ring for safe storage
  • Not crush resistant
Buy for $60.00 from Yubico Buy for $60.00 from Amazon
7VERGE SCORE

KENSINGTON VERIMARK FINGERPRINT KEY

GOOD STUFF

  • Has fingerprint scanner for use with Windows Hello login
  • Conveniently small

BAD STUFF

  • Cheap, dinky plastic cover
  • Requires driver / system restart to get working fully
  • Can’t be used with mobile devices
Buy for $49.99 from Kensington Buy for $37.98 from Amazon

[“source=theverge”]

You may also like...