WWW.ZDNET.COM
The best security keys of 2024: Expert tested
Since data breaches are now a daily problem, traditional username and password combinations are nowhere near enough to protect online accounts.Many online service providers now enforce alternative ways to secure accounts. Two-factor and multi-factor authentication (2FA/MFA) methods have become widely adopted alongside passwordless authentication methods in the enterprise. Another option is to verify yourself using a physical security key. Even if a cybercriminal has obtained your username and password or compromised your mobile device, they won't be able to access your data without the key. Security keys are affordable and user-friendly, prevent phishing attacks, and are significantly more secure than SMS-based two-factor authentication. What is the best security key right now? ZDNET's favorite security key is the Yubico YubiKey 5 NFC. It offers excellent security and convenience, making it a worthwhile investment for anyone looking to safeguard their online accounts. This key is compatible with a vast array of protocols and can be configured to provide easy authentication on mobile.ZDNET has tested many security keys throughout the years and frequently tracks market developments and changes. Many of us use security keys ourselves and lean upon our personal experience, customer feedback, and extensive research to shape our recommendations. Below, you will find our top picks for security keys in 2024. Sort by All Best security keys of 2024 Show less View now at Amazon The YubiKey 5 NFC combines useful USB-A connectivity with the versatility of wireless NFC, enabling broad compatibility with a wide range of devices.It is FIDO-certified, which allows it to work with Google Chrome and any FIDO-compliant application on Windows, macOS, or Linux. In addition, its NFC capability makes it compatible with iOS and Android mobile devices, giving you the option to authenticate quickly via your smartphone or tablet. Overall, this makes the YubiKey 5 NFC an excellent option for consumers and businesses alike.The YubiKey USB authenticator has multi-protocol support, including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, smart card (PIV), OpenPGP, and challenge-response capabilities, providing solid hardware-based authentication. Considering it is dust, water, and tamper-proof, this key is a great all-rounder for your security needs.Each key costs $50. Customer feedback indicates that this popular key is an excellent option, although you will need some rudimentary technological knowledge to use it effectively.Yubico YubiKey 5 NFC features:USB-A and NFC compatibility |Compact design | No battery required | Water, dust, and tamper-resistant | FIDO certified | Multi-protocol support | Compatible with iOS and Android mobile devices through NFC Pros Broad versatility NFC makes it compatible with both iPhone and Android devices Cons Expensive, especially if you need two Technical knowledge may be required The YubiKey 5 NFC combines useful USB-A connectivity with the versatility of wireless NFC, enabling broad compatibility with a wide range of devices.It is FIDO-certified, which allows it to work with Google Chrome and any FIDO-compliant application on Windows, macOS, or Linux. In addition, its NFC capability makes it compatible with iOS and Android mobile devices, giving you the option to authenticate quickly via your smartphone or tablet. Overall, this makes the YubiKey 5 NFC an excellent option for consumers and businesses alike.The YubiKey USB authenticator has multi-protocol support, including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, smart card (PIV), OpenPGP, and challenge-response capabilities, providing solid hardware-based authentication. Considering it is dust, water, and tamper-proof, this key is a great all-rounder for your security needs.Each key costs $50. Customer feedback indicates that this popular key is an excellent option, although you will need some rudimentary technological knowledge to use it effectively.Yubico YubiKey 5 NFC features:USB-A and NFC compatibility |Compact design | No battery required | Water, dust, and tamper-resistant | FIDO certified | Multi-protocol support | Compatible with iOS and Android mobile devices through NFC Read More Show Expert Take Show less Show less View now at Amazon The FIDO2 is a USB-A key that functions with the latest Chrome browser and operating systems such as Windows, macOS, or Linux. This option also has backward compatibility with online services complying with U2F protocols.FIDO2 provides passwordless authentication using the FIDO and HOTP protocols. You'll find the most compatibility with desktop and PC applications as there are marginally more restrictions with iOS and Android functionality. What makes this key stand out, however, is how easy it is to setup, making it a great option for first-time security key users.The key is designed with a 360-degree rotating metal cover, shielding the USB connector when not in use. It is also made from durable aluminum alloy to safeguard it against drops, bumps, and scratches.Overall, this security key is reasonably priced at $25. However, it does not have advanced features such as a fingerprint reader, and you will want to buy more than one. Despite this, customers like its sleek and discreet design and find it easy to set up and use.Thetis Fido U2F Security Key features:Tough and durable alloy shell |360-degree design with rotating aluminum alloy cover | Looks like a USB flash drive | Backward-compatible with U2F protocol | Compatible with latest Chrome browser on Windows, macOS, and Linux Pros Great price Discreet design Sturdy Cons No NFC so no support for iPhone and Android Doesn't support macOS logins The FIDO2 is a USB-A key that functions with the latest Chrome browser and operating systems such as Windows, macOS, or Linux. This option also has backward compatibility with online services complying with U2F protocols.FIDO2 provides passwordless authentication using the FIDO and HOTP protocols. You'll find the most compatibility with desktop and PC applications as there are marginally more restrictions with iOS and Android functionality. What makes this key stand out, however, is how easy it is to setup, making it a great option for first-time security key users.The key is designed with a 360-degree rotating metal cover, shielding the USB connector when not in use. It is also made from durable aluminum alloy to safeguard it against drops, bumps, and scratches.Overall, this security key is reasonably priced at $25. However, it does not have advanced features such as a fingerprint reader, and you will want to buy more than one. Despite this, customers like its sleek and discreet design and find it easy to set up and use.Thetis Fido U2F Security Key features:Tough and durable alloy shell |360-degree design with rotating aluminum alloy cover | Looks like a USB flash drive | Backward-compatible with U2F protocol | Compatible with latest Chrome browser on Windows, macOS, and Linux Read More Show Expert Take Show less Show less View now at Amazon The Yubico YubiKey 5 Nano is a discreet, tiny security key that provides the features you need to lock your devices and services while you're on the road. The key supports PCs and other devices via USB-A and is compatible with the Yubico Authenticator app. However, keep in mind that there is no USB-C support.This security key is compatible with various password managers, including 1Password, Keeper, and LastPass Premium, IAM platforms, cloud storage apps, and social media accounts. The Yubico YubiKey 5 Nano will likely work if an application is FIDO-certified.It is also tamper, dust, and water-resistant. Customer feedback shows that users find the key works well across multiple platforms and consider it straightforward to set up and use.Priced at $60, this is slightly more expensive than many on the market, but if you're looking for one of the smallest, portable, and most discreet keys on the market, this could be the right option for you.Yubico YubiKey 5 Nanofeatures:FIDO, FIDO2 certified |Multi-protocol| Supports USB-A | Protects against phishing and cyber attacks | IP68 rated | 1GB memory Pros Water and dust resistant Easy setup FIDO certified Small form factor Cons Expensive No NFC compatibility The Yubico YubiKey 5 Nano is a discreet, tiny security key that provides the features you need to lock your devices and services while you're on the road. The key supports PCs and other devices via USB-A and is compatible with the Yubico Authenticator app. However, keep in mind that there is no USB-C support.This security key is compatible with various password managers, including 1Password, Keeper, and LastPass Premium, IAM platforms, cloud storage apps, and social media accounts. The Yubico YubiKey 5 Nano will likely work if an application is FIDO-certified.It is also tamper, dust, and water-resistant. Customer feedback shows that users find the key works well across multiple platforms and consider it straightforward to set up and use.Priced at $60, this is slightly more expensive than many on the market, but if you're looking for one of the smallest, portable, and most discreet keys on the market, this could be the right option for you.Yubico YubiKey 5 Nanofeatures:FIDO, FIDO2 certified |Multi-protocol| Supports USB-A | Protects against phishing and cyber attacks | IP68 rated | 1GB memory Read More Show Expert Take Show less Show less View now at Amazon An alternative Yubico security key is the $29 C NFC model. The USB-C key is best suited for small businesses that want to implement physical 2FA procedures without spending a fortune.The key is compatible with Android, Windows 10, and iOS devices, as well as services such as AWS, Okta, Google accounts, Apple iCloud, Microsoft, Salesforce, and Cloudflare.These "tap and go" models do not support the Yubico Authenticator app. Instead, they have been designed for affordability and rapid security checks via USB-C, NFC, and FIDO protocols (a 5 series model is best suited if you want more extensive features).The company also offers a Yubico subscription to businesses that want to provide their teams with keys, so this could be the best solution for businesses that need to provide their teams with physical security keys. Customers say the key 'just works', but customer support could be improved.Yubico Security Key C NFC features:FIDO certified, FIDO2/U2F compatible| USB-C | NFC connectivity | No battery required | Suitable for Android, Windows 10, iOS devices and apps | Defends against phishing and account takeovers Pros Slim, lightweight design IP68 rated Subscription alternatives available Cons Only supports FIDO protocols An alternative Yubico security key is the $29 C NFC model. The USB-C key is best suited for small businesses that want to implement physical 2FA procedures without spending a fortune.The key is compatible with Android, Windows 10, and iOS devices, as well as services such as AWS, Okta, Google accounts, Apple iCloud, Microsoft, Salesforce, and Cloudflare.These "tap and go" models do not support the Yubico Authenticator app. Instead, they have been designed for affordability and rapid security checks via USB-C, NFC, and FIDO protocols (a 5 series model is best suited if you want more extensive features).The company also offers a Yubico subscription to businesses that want to provide their teams with keys, so this could be the best solution for businesses that need to provide their teams with physical security keys. Customers say the key 'just works', but customer support could be improved.Yubico Security Key C NFC features:FIDO certified, FIDO2/U2F compatible| USB-C | NFC connectivity | No battery required | Suitable for Android, Windows 10, iOS devices and apps | Defends against phishing and account takeovers Read More Show Expert Take Show less Show less View now at Amazon The Kensington Verimark Fingerprint Key utilizes advanced biometric technology, offering excellent performance, 360-degree readability, and anti-spoofing protection.With Microsoft's built-in Windows Hello login feature, you can log into your Windows computer using your fingerprint. Users can store up to 10 fingerprints, allowing multiple individuals to access the same computer without remembering different usernames or passwords.The Kensington Verimark Fingerprint Key is FIDO U2F certified, meaning your fingerprint can be used as a second-factor authentication to secure cloud-based accounts such as Google, Dropbox, GitHub, and Facebook.You may need to download additional drivers from Kensington's website for different Windows operating systems, and some users report recognition problems. However, it is still a top choice -- especially as the key is available for only $19.Kensington Verimark Fingerprint Key features:Built-in biometrics for added security | Compatible with Windows Hello login feature | Compact and unobtrusive design | Stores up to 10 different fingerprints | FIDO U2F certified for cloud-based account security Pros Compact and unobtrusive Built-in fingerprint reader Affordable Cons USB-A only No support for macOS and ChromeOS May need to download additional drivers The Kensington Verimark Fingerprint Key utilizes advanced biometric technology, offering excellent performance, 360-degree readability, and anti-spoofing protection.With Microsoft's built-in Windows Hello login feature, you can log into your Windows computer using your fingerprint. Users can store up to 10 fingerprints, allowing multiple individuals to access the same computer without remembering different usernames or passwords.The Kensington Verimark Fingerprint Key is FIDO U2F certified, meaning your fingerprint can be used as a second-factor authentication to secure cloud-based accounts such as Google, Dropbox, GitHub, and Facebook.You may need to download additional drivers from Kensington's website for different Windows operating systems, and some users report recognition problems. However, it is still a top choice -- especially as the key is available for only $19.Kensington Verimark Fingerprint Key features:Built-in biometrics for added security | Compatible with Windows Hello login feature | Compact and unobtrusive design | Stores up to 10 different fingerprints | FIDO U2F certified for cloud-based account security Read More Show Expert Take Show less Show less View now at Google The Google Titan security key line, which supports up to 250 passkeys, is an affordable way to bolster your online security. The $30 key is USB-C-compatible and a USB-C to USB-A adapter is included for legacy devices.This stylish option is based on FIDO standards, and it can connect most Android and iOS devices, as well as most devices able to run Google Chrome. If you're looking for a key suitable for most platforms, including Google services, this key is for you -- and as a bonus, it is reasonably priced.Titan security keys are compatible with Google's Advanced Protection Program, a scheme you may be required to join if you are considered at higher risk of cyberattacks -- including phishing and email-based attacks -- than the average consumer. Compatibility requirements are listed here. Setup is easy, but we've found that, on occasion, you may end up in verification loops when you try to register a new device with your key.Google Titan security key features:FIDO-certified security key |USB-A/NFC, USB-C/NFC |USB-C to USB-A adapter | Supports 250 passkeys | Multi-platform | Works with Google's Advanced Protection Program Pros High security standards USB-C adapter included Affordable Cons No biometrics The Google Titan security key line, which supports up to 250 passkeys, is an affordable way to bolster your online security. The $30 key is USB-C-compatible and a USB-C to USB-A adapter is included for legacy devices.This stylish option is based on FIDO standards, and it can connect most Android and iOS devices, as well as most devices able to run Google Chrome. If you're looking for a key suitable for most platforms, including Google services, this key is for you -- and as a bonus, it is reasonably priced.Titan security keys are compatible with Google's Advanced Protection Program, a scheme you may be required to join if you are considered at higher risk of cyberattacks -- including phishing and email-based attacks -- than the average consumer. Compatibility requirements are listed here. Setup is easy, but we've found that, on occasion, you may end up in verification loops when you try to register a new device with your key.Google Titan security key features:FIDO-certified security key |USB-A/NFC, USB-C/NFC |USB-C to USB-A adapter | Supports 250 passkeys | Multi-platform | Works with Google's Advanced Protection Program Read More Show Expert Take Show less What is the best security key? As testers of security keys over the years, we recommend the Yubico YubiKey 5 NFC as the best security key available on the market today. It offers unbeatable security and convenience, making it a worthwhile investment for anyone looking to safeguard their online accounts. However, if this one doesn't suit you, the key features of our other favorites are listed below.Security keyPriceConnector typeNFC supportBluetooth supportWaterproofingSupported servicesCompatible devicesYubico YubiKey 5 NFC$50USB-A and NFCYesYesWater- and dust-resistantGoogle Chrome, FIDO-compliant appsWindows, macOS, Linux, iOS, AndroidThetis Fido U2F Security Key$25USB-ANoNoN/AU2F servicesWindows, macOS, LinuxYubico YubiKey 5 Nano$60USB-ANoNoIP68 water- and dust-resistantU2F and FIDO2 servicesWindows, macOS, LinuxYubico Security Key C NFC$29USB-C and NFCYesYesIP68 water- and dust-resistantFIDO-enabled servicesWindows, Android, iOSKensington Verimark Fingerprint Key$19USB-ANoNoN/AGoogle, Dropbox, GitHub, Facebook, and moreWindowsGoogle Titan security key$30USB-C, NFC, and BluetoothYesYesNo official IP ratingFIDO, Google Chrome services, various appsWindows, macOS, Android, Google Chome compatible devicesNote: Prices and compatibility information may vary based on location and specific devices. This table is based on the information provided in the given descriptions and is subject to change. Show more What's the right security key for you? Choose this security keyIf you wantYubico YubiKey 5 NFCThe best security key out there with broad versatility and compatibility. This FIDO-certified key is an excellent all-rounder with multi-platform compatibility.Thetis Fido U2F Security KeyA cheap, no-frills, tough USB-A security key suitable for beginners. It has a rather stylish design but does lack advanced features.Yubico YubiKey 5 NanoA high-quality, extremely small security key. This key is a great option if you want a security solution you can take with you on your travels thanks to its tiny form factor.Yubico Security Key C NFCThe best value key for small business, considering its compatibility with services including AWS, Okta, Google accounts, Apple iCloud, Microsoft, and Cloudflare.Kensington Verimark Fingerprint KeyA simple USB-A security key with built-in biometrics. This key is discreet, compact, and user-friendly, although it has limited compatibility.Google Titan security keyAn affordable, multi-platform key suitable for Chrome and Google services, Android, and iOS apps . Users can store up to 250 passkeys. Show more Factors to consider when choosing a security key Security keys are an investment in time and money and so it is best to select the right one for you before you connect one to your online accounts, especially as rolling back this decision can be a lengthy process. While you're deciding what security key is right for you, consider the following factors:Service compatibility: Ensure that the key you're interested in is compatible with your primary services, such as your email provider or business tools and platforms.One, or two?: We recommend that you purchase a key and a backup. You can often buy two packs of security keys, but in some cases, you may have to spend more. A backup key that you can store in a safe place is crucial to ensuring you aren't accidentally locked out of your accounts.Security standards: Security keys should adhere to modern security standards, including FIDO2. Check that your choice meets these standards to ensure you receive the best protection possible.Connectivity: Hardware-based security keys use different forms of connectivity, so you should consider what type works best for you, whether USB-based, Bluetooth, or NFC.Hardware: You might need hardware that complies with particular standards or has specific ports for connecting to your devices, so check on your key's specifications before purchase.Environment: If you plan to keep a security key with your house or car key, for example, opt for a model that is resistant to dust, water, and shocks. This may be especially important if you often travel. Price: Choose a security key that matches your budget, keeping in mind you will need to buy two if you want a backup key. Show more How did we choose these security keys? Extensive research has been conducted on every security key that is listed here across a wide range of devices and services. In some cases, this includes testing the keys on different operating systems, web browsers, and services to ensure they work smoothly and efficiently.It was also important to analyze the feedback left by other users who have purchased and used these keys over time. This has helped to determine the long-term reliability of each key and to identify any potential compatibility issues that users might encounter.Our main criteria for selecting these security keys are:Ease of use: There is often a learning curve associated with adopting a new security mechanism or gadget. We wanted to ensure that the next security key you buy is as close to seamless as possible, with easy setup and reasonable compatibility with devices and online services.Durability: As a physical device securing the keys to your digital kingdom, the products we recommend mustn't easily break. After all, they should be reliable enough to be a long-term security measure.Form factors: We include different form factors, such as standard key designs and nano options.Security features: Naturally, the security features of a security key are paramount. We considered each device's support for different authentication protocols alongside security measures, including passwordless authentication and biometrics.Platform, mobile compatibility: We like to see security keys that are compatible with multiple platforms, including the most popular operating systems. It's always a bonus if NFC and mobile support are available.Price point: The cost of your next security key is an important factor to consider. As they are physical, we recommend that you pick up two, just in case one ends up lost. As a result, we wanted to ensure this was affordable. Show more Security key FAQs What are security keys and how do they work? A security key is a physical device that generates a unique code used with a password to authenticate your identity when logging into a website or application. It uses public-key cryptography and is more secure than traditional 2FA methods. You usually plug your key into a trusted device to authenticate yourself. Show more What does FIDO mean? The FIDO Alliance consortium has developed open standards for authentication protocols. The authentication standard is based on public key cryptography.Devices that are FIDO certified allow users to quickly sign into their accounts using physical keys or biometric passkeys and have also achieved FIDO protection and security standards. Show more Why are security keys better than SMS-based 2FA? SMS is open to SIM hijacking, while a physical key cannot be copied or the data intercepted. Think about it this way: 2FA verification codes sent via SMS messaging may be intercepted if your smartphone has been infected with malware, including spyware, but unless an attacker has your physical security key in their hand, they cannot grab the code required to access your account. Show more How many security keys do I need? We recommend purchasing at least two -- one that you use day-to-day and one to keep as a backup. For example, you can keep one in your home office or attached to a keychain if you're on the road, while one is stashed safely away to cover you if you lose your primary key. Show more Can security keys be hacked? Security keys are one of the best authentication methods on the market today and they have very little exploitable attack surface, making them difficult to 'hack' in any way. While there are cases of keys being cloned for academic purposes, as security keys are not constantly connected to the Internet, you don't have to worry about the most common attack vectors having any impact on them. Just keep your key in a safe place. Show more How do security keys prevent phishing? In layman's terms, security keys use encryption and security tokens that only work on genuine websites rather than fake phishing domains. Public and private keys work together to authenticate a user session, but the private key is held on the physical device, reducing the attack surface. Show more Can I use a security key for multiple accounts? Yes, absolutely. Although, the number of accounts can vary depending on the security key you choose. The key's compatibility with different protocols and online services may also determine what accounts you can protect by using one device. Show more What happens if I lose my security key? The answer to this question depends on the provider and the account registered with your key. If you don't have a backup authentication method, such as an authenticator app, try removing the key from your account and registering a new one. If you are locked out, you may also have to contact relevant IT teams or fill out a request, such as the one provided by Google for free Gmail accounts. Show more Are there alternative security keys worth considering? Here are alternatives on the market that could be worth investigating if none of our top recommendations appeal to you. It's not possible to showcase every single worthy security key product on the market, so other options we like the look of are below: Show more Further ZDNET Tech Coverage Smartphones Smartwatches Tablets Laptops TVs Other Tech Resources ZDNET Recommends
0 Comments
0 Shares
9 Views