It would be terrible to lose control of an internet account to a cybercriminal. The greatest method to protect an account is to enable multi-factor authentication, or MFA. This way, even if an attacker manages to get your login and password, they will be unable to access your account.
The most secure MFA option is a physical security key because it is a separate authentication device that is impervious to phishing attacks. Considering its low cost and compatibility with nearly all websites that accept security keys, the Yubico Security Key C NFC is the ideal option. If you are already comfortable with security keys and require or desire additional functionality, the Yubico YubiKey 5C NFC is a more expensive but valuable option.
Who this is for
You need more than just passwords to secure your online accounts. Regular data breaches and the use of weak, reused passwords rather than password managers facilitate the takeover of online accounts by malicious actors. Multi-factor authentication (MFA), also known as two-factor authentication (2FA) in certain places, is the answer. How MFA functions An authenticator app or placing your thumb on your phone’s fingerprint sensor are two examples of additional identity verification that you must provide when logging in to a website.
Using a security key, a tiny physical item, is an additional method of logging in. Enrolling a security key for use with the account is possible if the website supports them. Using the FIDO authentication protocol, the key cryptographically validates its authenticity. Essentially, you insert the key into your computer (or touch it against a phone) and the website verifies your identity instead of inputting a security code after entering your password.
Security keys offer a number of significant advantages over alternative authentication methods. You can input the code that an authentication software creates on your phone with ease. On the other hand, security keys spare you the trouble of having to locate your phone, copy the code, and then paste it before the timer goes off. You’ll value security keys’ simplicity if you’re annoyed by having to go between applications to input a security code or if you frequently type the code wrong.
Moreover, security keys function when other MFA alternatives do not. You are unable to create authentication codes if your phone is unresponsive. Security keys are a desirable option for regular travelers because you cannot get SMS codes while you are outside of phone service. The finest security keys don’t even need batteries, and they don’t require a data connection. Additionally, they are more resilient than phones, which include a lot of delicate parts.
According to Bob Lord, senior technical adviser at the Cybersecurity and Infrastructure Security Agency, the primary benefit of security keys is their resistance to phishing assaults (CISA). You might be tricked by a phishing scam into entering your password, the code for the authenticator app, or an SMS code that can be captured using SIM jacking. But only the websites you’ve registered security keys with will accept them.
Advanced security keys are capable of functions beyond simple authentication. Some feature biometric authentication so you can use your fingerprint to log in, the ability to save and replay credentials, and the ability to log in to computers. As most people are already familiar with multi-factor authentication, these sophisticated capabilities are most helpful to them, which is why we advise most individuals to use a more basic security key.
But security keys have a few significant disadvantages. They are more expensive than other MFA systems, ranging from $20 to $95. Due to the possibility of loss or destruction, experts we consulted suggested purchasing a backup security key, which would double the cost. Additionally, not all websites and services accept security keys, therefore an authenticator software is still required. However, there is an overall security benefit to employing a security key for even a small number of critical services—like your principal email accounts, which may be used for password recovery.
Derek Hanson, vice president of Solutions Architecture and Alliances at Yubico, stated, “They don’t have to work everywhere, they don’t have to do everything, but they will protect the biggest most precious things that you have online.”
The experts we spoke with consistently told us that, in spite of the inconvenience associated with security keys, any form of multi-factor authentication (MFA) is preferable to none at all. Authenticator applications are generally a preferable option if you’re new to using MFA because they’re convenient, cost-free, and widely recognized. However, security keys are a terrific approach to improve your online security if their benefits sound appealing and you believe you would use them.
Our pick: Yubico Security Key C NFC
For the majority of users, the Yubico Security Key C NFC is the greatest security key due to its affordable pricing and broad compatibility. It is an upgraded version of our previous best choice that is compatible with more recent authentication standards. It shares almost the same design as our upgrade choice, but it is devoid of the sophisticated functionality of that key. Nonetheless, the Security Key C NFC is more reasonably priced and sufficiently capable, barring the necessity to produce MFA codes or use it as a smart card.
Almost any website that accepts security keys can use it. Updated Security Key C NFC is compatible with the more traditional—but still frequently used—FIDO U2F protocol. Additionally, it is compatible with the more recent FIDO2/WebAuthn protocol, which enables passkey storage and password less authentication. That implies that this security key will likely be useful to you for a very long time.
It offers dependable cross-platform support. Purchasing a security key that is incompatible with any of your devices is not worth it. In our most recent testing, the Yubico Security Key C NFC coexisted peacefully with the 15-inch MacBook Air, Pixel 7a, iPhone 14 Plus, and the Lenovo Windows 11 laptop.
It can withstand being on your keychain for a long time. It is a pleasure to hold and very well-made, is the Security Key C NFC. You tap the recessed, touch-sensitive disk on the surface of the slightly rough plastic shell to authenticate yourself. Despite being lightweight, Yubico’s goods feel solid and didn’t give way or squeak when we tried to bend them. In contrast, a lot of competitor keys seemed hollow, cheap, and plastic-y. Even in ideal illumination, the slight scratches on the Security Key C NFC were hard to discern after our shake test. We have been using Yubico devices for years, and we can state with confidence that they will function flawlessly when carried on keychains.
Yubico provides good customer service and simple onboarding. The URL on the Yubico package, which has to be ripped apart to reveal attempts made by anyone to tamper with the key within, goes to the company’s onboarding materials. People can locate pertinent setup documents and instructional (if a little antiquated) movies with ease thanks to a visual menu that makes it easy for them to identify their keys. Additionally, Yubico provides a very useful list of services that work with their keys. We discovered that Yubico’s website provides helpful customer service. Customer care answered our inquiry in a timely manner and provided us with a comprehensive and considerate response.
For the majority of users, the Yubico Security Key C NFC is the greatest security key due to its affordable pricing and broad compatibility. It is an upgraded version of our previous best choice that is compatible with more recent authentication standards. It shares almost the same design as our upgrade choice, but it is devoid of the sophisticated functionality of that key. Nonetheless, the Security Key C NFC is more reasonably priced and sufficiently capable, barring the necessity to produce MFA codes or use it as a smart card.
Almost any website that accepts security keys can use it. Updated Security Key C NFC is compatible with the more traditional—but still frequently used—FIDO U2F protocol. Additionally, it is compatible with the more recent FIDO2/WebAuthn protocol, which enables passkey storage and passwordless authentication. That implies that this security key will likely be useful to you for a very long time.
It offers dependable cross-platform support. Purchasing a security key that is incompatible with any of your devices is not worth it. In our most recent testing, the Yubico Security Key C NFC coexisted peacefully with the 15-inch MacBook Air, Pixel 7a, iPhone 14 Plus, and the Lenovo Windows 11 laptop.
It can withstand being on your keychain for a long time. It is a pleasure to hold and very well-made, is the Security Key C NFC. You tap the recessed, touch-sensitive disk on the surface of the slightly rough plastic shell to authenticate yourself. Despite being lightweight, Yubico’s goods feel solid and didn’t give way or squeak when we tried to bend them. In contrast, a lot of competitor keys seemed hollow, cheap, and plastic-y. Even in ideal illumination, the slight scratches on the Security Key C NFC were hard to discern after our shake test. We have been using Yubico devices for years, and we can state with confidence that they will function flawlessly when carried on keychains.
Yubico provides good customer service and simple onboarding. The URL on the Yubico package, which has to be ripped apart to reveal attempts made by anyone to tamper with the key within, goes to the company’s onboarding materials. People can locate pertinent setup documents and instructional (if a little antiquated) movies with ease thanks to a visual menu that makes it easy for them to identify their keys. Additionally, Yubico provides a very useful list of services that work with their keys. We discovered that Yubico’s website provides helpful customer service. Customer care answered our inquiry in a timely manner and provided us with a comprehensive and considerate response.
Upgrade pick: Yubico YubiKey 5C NFC
If you know how to take use of all the capabilities that the Yubico YubiKey 5C NFC has to offer—like supporting Yubico OTP and storing OpenPGP keys—it’s the best security key. This key costs almost twice as much as our top choice, but its features more than make up for it. Although Yubico rarely lowers its costs, it occasionally gives customers who buy multiple keys a discount. The YubiKey 5C NFC may or may not give you value for your money, depending on how you use it.
It supports a wide range of MFA choices. The most powerful keys on the market are the YubiKey 5C NFC and its siblings in the YubiKey 5 series. In addition to supporting Yubico OTP, OATH-HOTP, and OATH-TOTP protocols, this key supports the widely used FIDO2/WebAuthn and FIDO U2F protocols. Using Yubico’s companion app, the 5C NFC can store one-time-use codes (TOTP) for 32 sites and services in addition to passkeys.
Just remember that there are different MFA systems even if you don’t understand the meaning of any of those acronyms or their significance. Though hardly many people utilize them, the YubiKey 5C NFC is incredibly versatile because it supports them all. The finest users of these keys are those who are proficient with these sophisticated functions. The Security Key C NFC is the key to purchase for all others.
It offers more features than only verification. Expert users can additionally set up the YubiKey 5C NFC to store OpenPGP keys for information signing and encryption, to operate as a smart card (PIV protocol), and to securely log in to a computer. Moreover, you can modify the key’s functionality via the Yubico desktop application. Once more, these are sophisticated functions meant only for experienced users.
It provides the superior design and customer service of Yubico. The YubiKey 5C NFC is well-made and provides extensive onboarding and support materials, just like our top selection. However, the fact that neither of them has an upgradeable firmware and is closed-source may bother people who prefer the openness of open-source technology.
Other good security keys
In case you wish to keep passkeys offline: The updated Google Titan Security Key is compatible with both FIDO U2F and FIDO2/WebAuthn, and it can function as an MFA device in nearly all locations that accept security keys. It also has support for NFC. Its capacity to hold up to 250 passkeys onboard—ten times more than a Yubikey—is what sets it apart. That makes it ideal for users who want to utilize passkeys but don’t want them saved in the cloud or synchronized between devices.
There are certain shortcomings with the Titan Security Key. We found that the Pixel 7a had a tougher trouble identifying it than other keys, and that it costs more than our top choice. Its Chinese manufacturing may be a deal breaker for some people.