Unveiling the Ultimate Hardware Security Key Dominating 2023
Increase your online security with the top hardware security keys of 2023 Find the best overall, premium, bio-authentication, key & password manager combo, and open-source options Discover why hardware security keys are essential and learn about certifications and what to do if you lose your key
We have revised our recommendations and now present a new and improved top hardware security key.
Enhance the security of your online accounts with a hardware security key. Each time you log in, simply connect the key and press a button, or touch it to your phone. These keys are compatible with various websites including Google, Facebook, and many others.
UPDATE: 10/19/2023
We've reviewed our recommendations and have updated our best hardware security key overall.
Yubico Security Key C NFC
Best Overall Security Key $29 at Amazon
YubiKey 5 NFC USB-A
Best Premium Security Key $50 at Amazon
Kensington VeriMark Guard
Best Security for Bio-Authentication $60 at Amazon
CryptoTrust OnlyKey
Best Key & Password Manager Combo See at Amazon
Nitrokey 3A NFC
Best Open-Source Security Key Nitrokey
What to Look for in a Hardware Security Key in 2023
If you have ever used the internet, chances are that you are familiar with a security measure known as two-factor authentication, commonly referred to as 2FA. Generally, 2FA requires you to enter a code after inputting your password correctly. This code can be received via an SMS message, an email, or through the use of an authenticator app.
However, these solutions can encounter issues. For instance, SMS messages are vulnerable to interception through SIM-swapping attacks, emails can be compromised through social engineering, and the effectiveness of authenticator apps diminishes if your phone is stolen or misplaced.
This is where security keys step in. Employing Multi-Factor Authentication (MFA) involves utilizing multiple authentication factors, making it more robust than relying on just one vector of authentication. 2FA is a subset of MFA.
The advantage of physical security keys lies in their ability to address the concerns mentioned above related to interception or unauthorized access. Although they can still be susceptible to theft, certain keys incorporate biometrics or require an additional PIN, transforming them into true MFA keys. This ensures that even if the key is stolen, hackers cannot gain unauthorized access to your accounts.
When selecting a hardware security key, it is crucial to prioritize compatibility with the protocols used by your accounts. For instance, if you intend to secure your Twitter, Google, and Facebook accounts, you will require a key that is compatible with these platforms.
Currently, the widely accepted form of authentication is known as FIDO2, which enjoys widespread support. In addition, there exists FIDO U2F, an earlier version of FIDO2, and most devices that support FIDO2 also support FIDO U2F, emphasizing the importance of backward compatibility.
Moreover, hardware security keys offer additional functionalities such as One-Time Passwords (OTP) through protocols like OATH TOTP or Yubico OTP. Additionally, the utilization of OpenPGP encrypts emails and restricts decryption solely to those with the specific OpenPGP key, augmenting the security of emails with an extra layer of protection.
When it comes to choosing the right option, it primarily depends on your specific requirements. If you have no need for OTPs or encrypted emails, a FIDO2 key will likely meet 90% to 100% of your needs.
Furthermore, it is crucial to ensure compatibility with your devices. If you primarily intend to use the key on mobile devices, selecting one with NFC capability is ideal. On the other hand, if you prefer incorporating biometrics such as Windows Hello, opt for a security key with a fingerprint scanner.
So, let's get into what the best hardware security keys are.
|
How Did We Research | ||
|
Models Evaluated |
Hours Researched |
Reviews Analyzed |
|
15 |
8 |
37 |
Best Overall Security Key: Yubico FIDO Security Key C NFC
The product recommendations from How-To Geek are provided by our team of experts who have assisted individuals in resolving their device issues on over a billion occasions. We solely suggest superior products based on our extensive research and knowledge. Our reviews and endorsements are never influenced by monetary compensation. Read More »
Image Credit: Yubico
Pros | Cons |
|---|---|
✓ Affordable USB-C security key with the features most people will need | ✗ Doesn't have support for more advanced protocols |
✓ Supports FIDO U2F and FIDO 2 protocols used by most of the big names | |
✓ Additional support for WebAuthn, CTAP 1, CTAP 2, U2F | |
✓ Includes NFC for securing mobile devices |
The Yubico Security Key C NFC strikes a perfect balance between its features, making it an exceptional hardware security key. It is compatible with various operating systems including Windows, macOS, ChromeOS, and Linux. Additionally, it supports mobile devices through NFC technology and is compatible with many popular MFA systems. Best of all, it comes at an affordable price.
In terms of protocol support, it can handle both FIDO U2F and FIDO2, which are widely utilized by major platforms like Google, Twitter, and Microsoft, as well as popular password managers such as LastPass, 1Password, and Dashlane. To ensure compatibility with your preferred sites and services, a comprehensive list is easily accessible online.
The Yubico key is compact and conveniently fits on a keyring, while also being resistant to water and crushing, ensuring it remains undamaged. Its USB-C connector allows for seamless compatibility with various modern devices, including Android phones. For older computers, there is also a USB-A version available.
While it may not provide the extensive protocol support found in certain other keys, such as our choice for Premium Key, the majority of individuals are unlikely to require those advanced features. In return for a shorter list of supported protocols, you acquire the key at a lower price, which is a reasonable trade-off for most users.
$29 at Amazon
Best Premium Security Key: YubiKey 5 NFC USB-A
Yubico
Pros | Cons |
|---|---|
✓ Wide-range of protocol support | ✗ Expensive for those who don't need the added features |
✓ Several port versions available | |
✓ IP67-rated and with no moving parts makes it very sturdy |
The YubiKey 5 NFC stands out for its broad protocol compatibility, ensuring that virtually all websites and services are compatible with it in some way. This security key is especially suitable for individuals dealing with high levels of security, as it offers comprehensive functionality.
Furthermore, the accompanying app provides access to additional advanced features such as OpenPGP, a secure signature for verifying communications, and an enhanced version of a one-time password. For instance, with the YubiKey 5, you can send encrypted emails through ProtonMail using PGP. Instead of relying on a public key, you have the option to utilize the hardware key for added security.
In addition, the YubiKey 5 offers an intriguing feature called the 'static password,' which serves as an auto-complete function when the button on the device is pressed. When entering a password in a text box, you only need to type a fraction of the 32-character password, and the YubiKey takes care of the rest.
However, there are a couple of drawbacks to the YubiKey 5. Firstly, it comes with a higher price tag, which is justified by the numerous features it provides. Secondly, it may be somewhat challenging to use on mobile devices.
The problems associated with using the key on mobile devices stem from the functionality of apps and browsers on mobile. While it is convenient to use the key on a desktop browser, it also works effectively on a mobile browser. However, many mobile apps require users to enter their passwords within the app, rather than a browser, resulting in certain complications. It should be noted that this issue is not exclusive to the YubiKey 5.
For iPhone users seeking a YubiKey 5, there is a dedicated security key available known as the YubiKey 5Ci. This key is equipped with both USB-C and Lightning connectors, enabling usage across all Apple devices.
$50 at Amazon
Best Security Key for Bio-authentication: Kensington VeriMark
Kensington
Pros | Cons |
|---|---|
✓ Excellent fingerprint reader | ✗ Use on non-Windows platforms can be difficult |
✓ Support for most popular forms of MFA | ✗ Lack of NFC |
✓ Small and portable |
YubiKeys lack a fingerprint scanner, which some users may consider important. The button on the YubiKey is not a biometric scanner but merely verifies if the button is pressed by a human, rather than malicious software. In comparison, the Kensington VeriMark is approximately an inch long and serves as a fingerprint key for laptops. Moreover, there is a dedicated version of VeriMark for desktop fingerprint scanning.
The VeriMark's design suggests that it is intended for stationary use rather than for carrying around. However, it does come with a cap and is perfectly suitable for storage in a pocket or on a keychain.
In terms of protocols, it is compatible with FIDO2, allowing you to utilize it with most services and applications. It can also be utilized for Windows Hello, which indicates its compatibility with the Windows operating system. On the other hand, using the VeriMark on Linux and Mac systems can be somewhat challenging. Additionally, the instructions provided are not very user-friendly, which may discourage individuals with limited technological expertise.
The VeriMark by Kensington offers enhanced security by creating a fingerprint template instead of storing full fingerprints in the device's memory. Its impressive functionality from any angle showcases Kensington's expertise in both the sensor and internal security. However, the absence of NFC limits accessibility for many iPhone users, unless they opt for the desktop version with a USB cable. If one chooses this option, it may require using a Lightning-to-USB adaptor, which introduces unnecessary complexities.
Another concern is that
Best Security for Bio-AuthenticationThe VeriMark offers the best balance of protocol support, cost, and most importantly, fingerprint scanning that works from nearly any angle.
$60 at Amazon
Best Key & Password Manager Combo: OnlyKey
OnlyKey
Pros | Cons |
|---|---|
✓ Can bypass keyloggers | ✗ UI can be a bit obtuse |
✓ Has a self-destruct emergency code | ✗ Bulkier than other security keys |
✓ Wide protocol support | ✗ Lack of NFC |
The CryptoTrust OnlyKey sets itself apart from other security keys by incorporating a password manager directly into the key. This feature offers a significant advantage as it prevents keyloggers from gaining access to your password, as you enter the password characters directly on the security key itself.
Pressing one of the six keys on the OnlyKey is all it takes to input the password into a text field, making it incredibly easy. Furthermore, each button on the OnlyKey allows for both short and long presses, enabling you to store up to 12 distinct passwords. But that's not all - you can add an extra PIN to safeguard each password, setting the OnlyKey apart as one of the rare few, if not the sole security key that encompasses three-factor authentication in its entirety.
The OnlyKey offers support for TOTP, Yubico OTP, and FIDO 2 U2F as part of its 2FA functionality, covering a wide range of sites and apps and ensuring some level of future-proofing. Additionally, it includes a self-destruct code that wipes the entire OnlyKey. However, the downside is that the interface is clunky, which may pose difficulties for non-tech-savvy users during setup and usage. Despite this drawback, the OnlyKey's advantageous and distinctive features compensate for any extra inconvenience.
The CryptoTrust OnlyKey, shown as
Improved Version:
Experience the ultimate combination of a Key and Password Manager with the Best Key & Password Manager Combo - The OnlyKey. What sets it apart is its ability to efficiently handle three-factor authentication solely within its built-in password manager. Despite its slightly bulky design and clunky UI, this security key remains an outstanding choice.
Check it out on Amazon.
Best Open-Source Security Key: Nitrokey 3A NFC
Nitrokey
Pros | Cons |
|---|---|
✓ NFC for remote security | ✗ Fairly expensive |
✓ Wide range of security protocols | |
✓ Fully open-source | |
✓ Several advanced features and tools |
Opting for an open-source hardware security key offers numerous advantages, with one of the most notable being the opportunity to examine the source code and ensure satisfaction with its inner workings. The Nitrokey 3A serves as a prime example, as it not only embraces complete open-source principles, but also encompasses a multitude of cutting-edge features typically exclusive to closed, proprietary security keys.
The Nitrokey 3 offers extensive support for various security protocols such as FIDO2, WebAuthn, GnuPG, OpenPGP, and the older FIDO U2F. This ensures comprehensive security coverage for a wide range of services, including browsing and email.
In addition to the primary security protocols, the Nitrokey 3 provides access to functionalities like One-Time Passwords (OTP), Two-factor Authentication (2FA), and a built-in password manager. Although not all of these features are pre-installed, they can be conveniently added through a straightforward firmware update.
The Nitrokey now includes NFC, allowing you to secure mobile devices without the need for a USB-A to USB-C/Lightning port adapter. While the addition of NFC and a hardware touch button increases the price compared to other Yubikeys on the list, there are non-NFC versions available for those who don't require remote access capability. If open-source is significant to you for a hardware security key and you are willing to pay extra for advanced features, the Nitrokey 3 is an excellent option for securing your desktop and mobile devices.
Introducing the Nitrokey 3A NFC: The Best Open-Source Security Key
Experience the power of a brilliant, open-source hardware security key that goes above and beyond to provide you with a wide range of security options, advanced features, and effortless remote access through NFC technology. When it comes to open-source innovation, the Nitrokey 3A NFC sets the bar high and remains the ultimate choice.
Nitrokey
FAQ
Why should I use a hardware security key?
Hardware security keys provide superior device security by leveraging the concept of the "possession factor." This signifies that the means to access a device or service remains solely in your possession, eliminating the need to rely on a third party.
Should I use a hardware security key over 2FA?
While Two-factor Authentication has its merits, it does have limitations as it depends on a third-party for access and can be vulnerable to breaches. On the other hand, a hardware security key offers enhanced security for your devices and accounts, with the added benefit of providing a 2FA option if required.
What are the security key certifications?
Security key certifications indicate the security level of a device, demonstrating its degree of security. These certifications are determined based on an Evaluation Assurance Level (EAL), which is derived from a standardized digital security assessment known as Common Criteria. EAL ratings range from the least secure (EAL 1) to the most secure (EAL7).
What do I do if I lose my hardware security key?
Before starting to secure your devices with a hardware security key, it is important to first establish recovery methods in case of loss or failure. Many hardware security keys offer the option to set up such methods, often through a companion app. It is crucial to set up these recovery methods beforehand. Failure to do so would require you to remove the key as an authentication device on your accounts.
