The best security keys of 2025: Expert tested

The YubiKey 5C NFC combines USB-C connectivity with the versatility of wireless NFC, enabling broad compatibility with a wide range of devices — making it our top choice for most users. 

Why we like it: It is FIDO-certified, which allows it to work with Google Chrome and any FIDO-compliant application on Windows, macOS, or Linux. In addition, the use of NFC and the Yubico Authenticator app makes it compatible with mobile devices, giving you the option to authenticate quickly via your smartphone or tablet. Tap and go, and you’re done. 

The YubiKey USB authenticator has multi-protocol support, including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, smart card (PIV), OpenPGP, and challenge-response capabilities, providing solid hardware-based authentication. 

Considering it is dust, water, and tamper-proof, this key is a great all-rounder for your security needs. 

Who it’s for: I consider this security key the best option for most users to improve their privacy and security.

Customer feedback indicates that this popular key’s NFC functions are convenient, especially for mobile use, and it is an excellent option for two-factor authentication. 

Who should look elsewhere: Each key costs $55, which may sway your decision, as you should consider investing in two to ensure you have a backup available if you lose your first key. 

Yubico YubiKey 5C NFC features: USB-C and NFC compatibility | WebAuthn | Compact design | No battery required | Water, dust, and tamper-resistant | FIDO certified | Multi-protocol support | Passwordless authentication

The Thetis Fido U2F Security Key is my top choice for beginners, considering how easy it is to set up and use. 

Why we like it: The FIDO2 is a USB-A key that functions with the latest Chrome browser and operating systems such as Windows, macOS, or Linux. This option also has backward compatibility with online services complying with U2F protocols.

FIDO2 provides passwordless authentication using the FIDO and HOTP protocols. You’ll find the most compatibility with desktop and PC applications, as there are marginally more restrictions with iOS and Android functionality. 

The key is designed with a 360-degree rotating metal cover, shielding the USB connector when not in use. It is also made from durable aluminum alloy to safeguard it against drops, bumps, and scratches.

Overall, this security key is reasonably priced at $26. However, it does not have advanced features such as a fingerprint reader, and you will want to buy more than one. 

Who it’s for: What makes this key stand out is its easy setup, making it a great option for first-time security key users. I’ve tested this key in the past and found the process far less challenging than that of Google’s Titan and some YubiKey models.

Customers like its sleek and discreet design and find it easy to set up and use. 

Who should look elsewhere: If you’re looking for more advanced or modern authentication options, look elsewhere.

Thetis Fido U2F Security Key features: Tough and durable alloy shell | 360-degree design with rotating aluminum alloy cover | Looks like a USB flash drive | Backward-compatible with U2F protocol | Compatible with latest Chrome browser on Windows, macOS, and Linux

The Yubico YubiKey 5 Nano is a discreet, tiny security key that provides the features you need to lock your devices and services while you’re on the road. 

Why we like it: The key supports PCs and other devices via USB-A and is compatible with the Yubico Authenticator app. However, keep in mind that there is no USB-C support. 

This security key is also compatible with various password managers including 1Password, Keeper, and LastPass Premium. It also supports IAM platforms, cloud storage apps, and social media accounts. The Yubico YubiKey 5 Nano will likely work if an application is FIDO-certified.

It is also tamper-, dust-, and water-resistant. 

Who it’s for: Priced at $60, this is slightly more expensive than many on the market, but if you’re looking for one of the smallest, portable, and most discreet keys on the market, this could be the right option for you.

Customer feedback shows that users find the key works well across multiple platforms and consider it straightforward to set up and use. 

Who should look elsewhere: If you need NFC compatibility, this key isn’t the right choice, so check out another of my recommendations. 

Yubico YubiKey 5 Nano features: FIDO, FIDO2 certified | Multi-protocol | Supports USB-A | Protects against phishing and cyber-attacks | IP68 rated | 1GB memory

The YubiKey Bio FIDO Edition key is best suited for businesses that want to implement passwordless multi-factor authentication. 

Why we like it: It’s small, sleek, and provides support for passwordless login protocols. It can also be quickly deployed. Once you’ve set it up, plug it into a USB-A port, press the fingerprint sensor, and you’re finished. You can also use a backup PIN, which can be useful if you accidentally damage your key’s reader. 

This option is compatible with numerous services and platforms businesses rely on including Microsoft and Google suites, Linux, 1Password, Okta, Proton, Facebook, and Bitwarden.

However, there are limits to be aware of: This is a FIDO model, so you won’t have NFC, and it’s also USB-A only.

Who it’s for: Businesses of all sizes that want to provide better security and authentication without jumping through too many hoops.

The company also offers a Yubico subscription to businesses that want to provide their teams with keys. This could be the best solution for businesses that need to provide their teams with physical security keys. Customers say customer support could be improved.

Who should look elsewhere: If you need a USB-C connection or NFC support, consider one of my alternatives. 

The key is also expensive retailing at $90.

YubiKey Bio FIDO Edition features: FIDO certified, FIDO2/WebAuthn compatible | USB-A | IP68 rating | No battery required | Suitable for Android, Windows 10, iOS devices and apps | Defends against phishing and account takeovers

The $50 Kensington VeriMark Gen2 utilizes advanced biometric technology, offering excellent performance, 360-degree readability, and anti-spoofing protection.

Why we like it: With Microsoft’s built-in Windows Hello login feature, you can log into your Windows 10 or 11 computer using your fingerprint. This works for businesses, too. Users can store up to 10 fingerprints, allowing multiple individuals to access the same computer without remembering different usernames or passwords.

Your fingerprint can be used as a second factor for authentication to secure accounts from services including Google, Dropbox, GitHub, LastPass, and Facebook.

You may need to download additional drivers from Kensington’s website for different Windows operating systems. 

Who it’s for: Anyone who wants to secure their accounts and is in the Microsoft Windows ecosystem. 

Who should look elsewhere: This key is not compatible with macOS or ChromeOS, so if you need a reader for these operating systems, look elsewhere. 

Kensington VeriMark Gen2 Fingerprint Key features: Built-in biometrics for added security (Synaptics FS7600) | Compatible with Windows Hello login feature | Compact and unobtrusive design | Stores up to 10 different fingerprints | AES-256/SHA-256 encryption

The Google Titan security key line, which supports up to 250 passkeys, is an affordable way to bolster your online security.

Why we like it: The $30 key is USB-C-compatible, and a USB-C to USB-A adapter is included for legacy devices. 

This stylish option is based on FIDO standards, and it can connect most Android and iOS devices, as well as most devices able to run Google Chrome. If you’re looking for a key suitable for most platforms, including Google services, this key is for you. As a bonus, it is reasonably priced.

Also: Hands on with Google’s new Titan Security Keys – and why they still have their place

Titan security keys are compatible with Google’s Advanced Protection Program. This is a scheme you may be required to join if you are considered at higher risk of cyberattacks — including phishing and email-based attacks — than the average consumer. Compatibility requirements are listed here. 

Setup is easy, but we’ve found on occasion you may end up in verification loops when you try to register a new device with your key. Customers generally give positive feedback but note the key is bulky compared to rival products. 

Who it’s for: If you are part of Google’s Advanced Protection Program, this is one of the easiest ways to meet its requirements. 

Who should look elsewhere: It’s not easy to set up and can be frustrating, so if you want something easier, look at another of my top choices.

Google Titan security key features: FIDO-certified security key | USB-A/NFC, USB-C/NFC | USB-C to USB-A adapter | Supports 250 passkeys | Multi-platform | Works with Google’s Advanced Protection Program

A security key is a physical device that generates a unique code used with a password to authenticate your identity when logging into a website or application. It uses public-key cryptography and is more secure than traditional 2FA methods. You usually plug your key into a trusted device to authenticate yourself. 

The FIDO Alliance consortium has developed open standards for authentication protocols. The authentication standard is based on public key cryptography. 

Devices that are FIDO certified allow users to quickly sign into their accounts using physical keys or biometric passkeys and have also achieved FIDO protection and security standards. 

SMS is open to SIM hijacking, while a physical key cannot be copied or the data intercepted. 

Think about it this way: 2FA verification codes sent via SMS messaging may be intercepted if your smartphone has been infected with malware, including spyware. But, unless an attacker has your physical security key in their hand, they cannot grab the code required to access your account.

We recommend purchasing at least two — one that you use day-to-day and one to keep as a backup. For example, you can keep one in your home office or attached to a keychain if you’re on the road, while one is stashed safely away to cover you if you lose your primary key. 

Security keys are one of the best authentication methods on the market today and they have very little exploitable attack surface, making them difficult to ‘hack’ in any way. While there are cases of keys being cloned for academic purposes, as security keys are not constantly connected to the Internet, you don’t have to worry about the most common attack vectors having any impact on them. Just keep your key in a safe place.

In layman’s terms, security keys use encryption and security tokens that only work on genuine websites rather than fake phishing domains. Public and private keys work together to authenticate a user session, but the private key is held on the physical device, reducing the attack surface. 

Yes, absolutely. Although, the number of accounts can vary depending on the security key you choose. The key’s compatibility with different protocols and online services may also determine what accounts you can protect by using one device.

We recommend purchasing two, with one as a backup, just in case one is lost or stolen. As they are generally small and portable, you can keep one with you — together with your house keys, if you like — or stashed in your wallet. 

Alternatively, the safest option is to keep your key at home, perhaps in a convenient location like your office desk drawer. Your backup should be kept somewhere secure or at least memorable. 

The answer to this question depends on the provider and the account registered with your key. If you don’t have a backup authentication method, such as an authenticator app, try removing the key from your account and registering a new one. If you are locked out, you may also have to contact relevant IT teams or fill out a request, such as the one provided by Google for free Gmail accounts. 

Absolutely. Cross-platform compatibility is the hallmark of many security key products today, which is especially important considering many of us aren’t tied to just one ecosystem or one device. While some security keys work best on one OS or another, or are limited to PCs, most support multiple operating systems.