A hardware security key is a physical gadget—like a USB stick—that gives you an extra layer of security through multifactor authentication (MFA). When you sign in to certain services, you’ll plug it in and either tap or touch it on a compatible device to confirm it’s really you.

What to Look For in a Hardware Security Key

If you’ve spent any time online, you’ve probably come across two-factor authentication (2FA,) where you log in with your password, then get a code sent to your phone or email that you have to punch in. Sometimes you get it from an authenticator app instead.

Unfortunately, these methods aren’t bulletproof. SMS codes can be intercepted with SIM-swapping attacks, emails can be hacked through social engineering, and authenticator apps are useless if your phone gets stolen—or if you just forget it at a coffee shop.

This is where security keys are helpful as a form of Multi-Factor Authentication (MFA)—you add more than one layer of security to prove it’s really you logging in. Unlike SMS or email codes, physical security keys can’t be intercepted or hacked remotely.

Yes, they can be stolen, but some security keys come with biometrics or require a PIN, so even if someone gets their hands on your key, they cannot access your accounts without your fingerprint or tap.

So, when shopping for a security key, ensure it supports your accounts’ protocols. For example, if you want to secure your Twitter, Google, and Facebook accounts, you’ll need a key that works with all of them.

The most common protocol right now is FIDO2, which almost every major service supports. There’s also FIDO U2F, an older version of FIDO2, but most devices that support FIDO2 are backward compatible with U2F.

Some keys have extra features, like One-Time Passwords (OTP) through protocols such as OATH TOTP or Yubico OTP. Others support OpenPGP, which encrypts your emails so only someone with the right OpenPGP key can read them.

On the other hand, if you don’t care about OTPs or encrypted emails, a simple FIDO2 key will cover almost all of your needs.

Also, make sure your key works with the devices you use the most. If you’re mainly securing stuff on your phone, get a key with NFC for easy tap-and-go access. If you want to use biometrics like Windows Hello, use a security key with a fingerprint scanner.

Best Security Key Overall: Yubico YubiKey 5 NFC

The Yubico YubiKey 5 NFC is easily one of the best security keys for most people who use Google, Windows, macOS, ChromeOS, or Linux and are serious about their online security. It also works with Android and iOS. It provides strong two-factor authentication across over 300 popular services, including password managers and social media platforms. You can check here to see if your favorite services are supported.

Setup is easy, and once you’re up and running, using it is a breeze. Just plug it into a USB-A port on your PC or tap it on a compatible NFC-enabled mobile device when prompted, and you’re all set.

The YubiKey 5 NFC is part of Yubico’s Series 5 keys and works with the Yubico Authenticator app. The app supports FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, smart card (PIV), OpenPGP, as well as challenge-response authentication. Finally, with an IP67 water resistance rating, it’s built with durable materials that resist water, dust, and tampering.

With wide compatibility, multi-protocol support, and USB-A/NFC connectivity, the YubiKey 5 NFC is a solid choice for locking down your online accounts.

Best Security Key Overall

Yubico YubiKey 5 NFC

The Yubico Yubikey 5 NFC is the best security key for people looking for the perfect balance of cost, features, and functionality with FIDO multi-protocol support.

$50 at Amazon

Best Budget Security Key: Yubico Security Key C NFC

If you’re on a tight budget but still want tight security, the Yubico Security Key C NFC is the perfect budget security key. Priced at under $30, it’s a steal compared to enterprise-grade keys that can cost hundreds—or even thousands—of dollars. It’s also easy to use and, like all the featured security keys on our list, does not require batteries or Wi-Fi. Just plug it into a USB-C port or tap it on an NFC-compatible device, and you’re good to go.

This key works with Windows, macOS, ChromeOS, Linux, and supports Google and Microsoft accounts along with popular password managers. It’s compatible with FIDO2 for password-less login and FIDO U2F for second-factor authentication.

While it doesn’t support OTP and other advanced features like the Yubikey 5 NFC, it’s built tough and is also resistant to water, dust, and tampering. If you’re looking for a simple, budget-friendly key, this one’s a no-brainer.

Best Budget Security Key

Yubico Security Key C NFC

The perfect way for the average computer or phone user to improve their digital security. The Yubico Security Key C NFC is compatible with a wide variety of devices, supports the most common protocols in FIDO U2F and FIDO2, and is robust enough to survive life on a keychain. All for less than $30. 

$29 at Amazon

Best Basic Hardware Security Key: Thetis FIDO U2F Security Key

If you’re looking for something basic and beginner-friendly, the Thetis FIDO U2F Security Key is worth checking out. It’s designed to be simple, so even someone less tech-savvy can use it.

Like Yubico security keys, setting up the Thetis security key is straightforward. To use it, plug it into a USB-A port and press the button to approve your login. It works with Chrome and Opera (version 40 and later) on Windows, macOS, and Linux. You’re good to go as long as the website supports FIDO U2F. That means popular services like Google Workspace, Facebook, and Salesforce are all compatible.

However, this key doesn’t work with any email client and is not compatible with OTP or UAF protocols. If you need those features, consider the Thetis FIDO2 HOTP Security Key instead. But for a basic security key that gets the job done, the Thetis FIDO U2F is a great entry-level option at a budget-friendly price that’s hard to beat.

Best Basic Security Key

Thetis Fido U2F Security Key

The Thetis FIDO U2F Securty Key is ideal for those who are new to hardware security keys, who want an affordable, simple, no-frills experience.

$20 at Amazon

Best Security Key for Biometrics: Kensington VeriMark Fingerprint Key

The Kensington VeriMark Fingerprint Key is a fantastic option if you prefer a fingerprint security key. It’s small, affordable, and sits flush with your PC’s USB-A port, so it doesn’t stick out awkwardly.

This little device stores up to 10 fingerprints, so it’s great for individual use or small teams. It also works with Microsoft’s Windows Hello, letting you sign in with facial recognition or fingerprint scanning. This Kensington security key works on PCs running Windows 7 and later, but it’s incompatible with macOS and ChromeOS. It also works with docking stations and USB-C adapters.

Once it’s plugged in, simply press your finger on the sensor to authenticate. It supports 360-degree readability, meaning it’ll recognize your print no matter the angle. It’s FIDO U2F-certified and works with services from Google, Meta, and GitHub, as well as password managers like Dashlane, Keeper Premium, and Roboform.

Best Security Key With Fingerprint

Kensington Verimark Fingerprint Key

The Kensington Verimark Fingerprint Key is the go-to security key for those who prefer an affordable way to authenticate login via biometrics. It works with Microsoft Windows Hello and stores up to 10 fingerprints.

$24 at Amazon

Best Security Key for Google Services: Google Titan Security Key

If you’re already heavily invested in the Google ecosystem, the Google Titan Security Key is your best bet. Created by Google, it expectedly works perfectly with Google services, but the security key also works with many other platforms.

Unlike other security keys that store only a few fingerprints, the Google Titan can store up to 250 passkeys, making it super versatile, even with non-Google services. It works with Google phones, Chromebooks, tablets, and anything that can run Google Chrome. It’s also compatible with Google’s Advanced Protection Program, which offers extra security for high-risk users.

The Titan Security Key comes in two versions: USB-A with NFC (and a USB-C adapter) or USB-C with NFC for just $5 more. Whichever you go for, you’re sure to get good value for your money. Built on the FIDO protocol, it offers secure two-factor authentication and is tough enough to handle daily wear and tear. Setup can be tricky at first—you might have to repeat some steps—but once it’s ready, it’s smooth sailing.

Best Security Key for Google Services

Google Titan Security Key

The Google Titan Security Key is the best choice for users who are familiar and comfortable with the Google ecosystem. FIDO-certified, it has solid features and also supports non-Google services and platforms.

See at Google Store

FAQ

Why should I use a hardware security key?

Hardware security keys are highly recommended because of the “possession factor”; the fact that you alone possess the means of access, in this case, a hardware security key.

What are security key certifications?

Security key certifications show how secure a device is. Each Evaluation Assurance Level (EAL) comes from Common Criteria security tests—a global standard for evaluating digital security—they range from EAL1 (basic security) to EAL7 (the highest level of security).

What should I do if I lost my hardware security key?

During initial setup, most hardware security keys prompt you to set up a recovery method. If you did and you lose your key, simply remove the key as an authentication device on your account. Alternatively, you can use a backup security key if you have one already set up. Otherwise, there’s really nothing much you can do.

Can any USB drive be a security key?

Yes, you can turn just about any USB drive into a security key using tools like Predator (Windows), Rohos Logon Key (Windows, Mac), and USB Raptor (Windows). Predator and Rohos Logon Key require payment to unlock their full features.