Best Hardware Security Keys for Multi-Factor Authentication
When it comes to securing online accounts, most people don't think beyond a username and password and even then, they re-use their passwords or use weak passwords.
Both of these habits are bad security practices as any hacker worth his salt can find a way to crack these passwords and take control of your online accounts.
This is why, having a strong, unique password is the first step in securing your online accounts, but it doesn't stop there. Even the best passwords can be cracked with enough time and that is why you need a second layer of defense for your online accounts and that is multi-factor authentication.
What is Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA), often called two-factor authentication (2FA), is a method of using more than one authentication factor for accessing online accounts. Contrary to this, the username and password method only use a single factor, the password.
This other factor in MFA can be any two of the following:
- Something you know: This is usually a password, but it can also be a token or a PIN that you receive via SMS
- Something you have: This can be an authentication app on your smartphone or a physical security key (we'll later take a look at the best hardware-based security keys currently on the market)
- Something you are: This is a physical characteristic that you possess, such as a fingerprint, iris scan, palm scan, facial recognition, etc.
Since we already talked a bit about the other two factors (check out this article if you want to know the pros and cons of biometric authentication), we'll focus here on physical security keys, including how they work and what are the best security keys in 2022.
What are Hardware-Based Security Keys and How Do They Work?
Hardware keys can come in many different forms, from a USB stick, a nano-key, etc, but essentially they are all small physical devices that can uniquely identify themselves to a service or website.
Each security key has its own private key from which it can generate any number of public keys, which means it can be used on any number of websites and services.
How does this work?
You first need to connect the key with the site or service that you want to protect.
This process can be different from one site to another, but usually, there's an option on the website or in the service settings to enroll a security key.
Once you click this option, you'll be prompted to press the button on your security key and provide the key's record name.
And that's basically it. Now, depending on the site or service, you might be limited to one security key, or you might use multiple.
Now, when you try to log in to the site or service next time, you'll be asked to provide your security key in addition to the username and password. You do that by connecting the key via a USB-A or USB-C device and verifying that you're a living, breathing human and not a malware bot pretending to be a security key by pressing the button on the device.
And voila! If both factors (password and security key) are authentic, you can log in.
What is the Best Security Key in 2022?
Of course, there are many security keys out there and the choice isn't always clear-cut. So, to make the choice a bit easier for you, here are the 5 best security keys to protect your online accounts in 2022:
Yubico YubiKey 5 NFC
The Yubico YybiKey 5 NFC security key is an excellent all-around choice for most users as it is compatible with most online services, including Google Chrome and Dropbox, Android devices, iPhone devices (from 7 up), macOS and even your favorite password manager like LastPass.
The YubiKey 5 NFC uses a USB A port or an NFC, while it's also possible to use it with a USB C port, but you'll need an adapter for that.
In addition, the YubiKey 5 NFC supports OpenPGP, OTP, Smart Card, Fido U2F and FIDO 2 security protocols.
The actual physical key is small, but durable, waterproof and you can attach it to your keychain so you don't lose it (unless you lose your keys, that is).
Yubico YubiKey 5C
While YubiKey 5 NFC is a good choice for most users, its main downside is that it's not compatible with USB C and only uses USB A.
This is where the YubiKey 5C comes in.
The 5C version is for the most part the same as its USB A and NFC counterpart, except for the obvious part that it uses a different port.
Other than that, however, the YubiKey 5C also supports the same security standards as the USB A version does (OpenPGP, OTP, Smart Card, Fido U2F and FIDO2), is water-resistant and can be attached to a key ring.
Two important things to note, however, about the 5C is that the standard version doesn't support NFC and lighting port for iOS devices. If you need these you'll need to get the YubiKey 5C NFC or the YubiKey 5Ci version.
Price: €50 for the regular YubiKey 5C, €55 for 5C NFC and €70 for 5Ci with the lighting connector
Google Titan Security Key
With the Google Titan Key, you get two security keys - one for the USB A port and the other for Bluetooth, however, for the USB C port, you'll need to use the dongle that Google provides with the keys.
The security keys themselves support FIDO open standards and are packed with Google's own firmware and can obviously be used on all of Google's apps and services.
The keys themselves are small, light, elegant and can be attached to your keychain. Keep in mind that the Titan Security Bluetooth Keys T1 and T2 have a serious security vulnerability, but you can replace them free of charge.
Thetis BLE U2F Security Key
The Thetis BLE U2F Security Key is a much-needed upgrade of the Thetis U2F Security Key in that it also includes Bluetooth support for mobile devices.
While the physical key is somewhat bulkier than other security keys on our list, this can be a good thing as the aluminum alloy casing can be rotated 360 degrees to protect the USB connector, making this key more durable.
The key is backward-compatible with the FIDO U2F protocol and works with Windows, Linux and macOS computers.
The biggest downsides are that you'll need an app to make it work with mobile devices.
The CryptoTrust OnlyKey is both a password manager and a security key that is capable of bypassing keyloggers on your computer thanks to the onboard keyboard.
The key supports different two-factor authentication methods, such as OTP, TOTP, FIDO2 and FIDO U2F, as well as advanced features like encrypted backup and self-destruct which engages and wipes the device after a certain number of failed login attempts.
One problem that you might find is that this security key is not as durable as some of the competition, but that can be mitigated by purchasing a protective case for about $9.
Kensington Verimark Fingerprint Key
Fingerprint readers are a great way to log in to your computer without having to type in a password every time. The problem, if you have a Windows machine, is that it likely doesn't have a fingerprint reader so you'll need a device like Kensington Verimark Fingerprint Key.
The Kensington Verimark Fingerprint Key is FIDO U2F-certified, supports Google, Dropbox, Facebook and GitHub, is compatible with password managers (Last Pass Premium, Keeper Premium, Roboform and Dashlane) and can be used by up to 10 users (10 different fingerprints).
Not all security keys are created equal. As you can see, some work only with USB A or USB C ports, others require authenticator apps, and others support biometric authentication.
Ultimately, however, the choice depends on what you need the key for. So what do you think the best security key is?