PCMag has been reviewing hardware security keys since 2018, when they were a new technology, and multi-factor authentication (MFA) was still a novel idea. Today, major companies, including Apple and Google, support account authentication using hardware security keys. Currently, the Yubico Security Key C NFC is our Editors' Choice winner because it's both affordable and easy for first-time users to adopt. That said, it isn't the only one we recommend. Keep reading to discover more of the best security keys we've tested, followed by an explanation and video of how they work, plus recommendations for choosing the right one for you.
Overview
-
Jump To Details
![Yubico Security Key C NFC]()
Best OverallYubico Security Key C NFC
-
Jump To Details
![Google Titan Security Key]()
Best for Google LoyalistsGoogle Titan Security Key
-
Jump To Details
![Kensington VeriMark NFC+ USB-C Security Key]()
Best Plug and Play FunctionalityKensington VeriMark NFC+ USB-C Security Key
-
Jump To Details
![Yubico YubiKey C Bio]()
Best for Biometric AuthenticationYubico YubiKey C Bio
-
Jump To Details
![Yubico YubiKey 5C NFC]()
Best for MFA ExpertsYubico YubiKey 5C NFC
You Can Trust Our Reviews
Deeper Dive: Our Top Tested Picks
-
Credit: Kim Key
![Yubico Security Key C NFC]()
Best OverallYubico Security Key C NFC
Pros & Cons
The Yubico Security Key C NFC is our top pick because it features excellent build quality, and its USB-C connector ensures compatibility with nearly every new device.
Why We Picked It
Pricing: The Security Key NFC line is available in multiple formats: the USB-A version features an unshielded USB-A connector, and the USB-C version has a USB-C connector. Each key costs $29.
Appearance: The front of the Security Key C NFC has a metal-reinforced hole for hanging on a keychain or lanyard. The letter "Y" on the gold disk embedded in the key lights up green when the device is connected to a computer. During authentication, tap the metal disk to confirm that a human is using the key.
Key features and supported protocols: In addition to USB-A and USB-C versions, the Yubico Security Key also supports NFC, enabling authentication on mobile devices without a USB port. The Security Key supports the following authentication standards: FIDO2 CTAP1, FIDO2 CTAP2, Universal 2nd Factor (U2F), and WebAuthn. That's enough to handle just about any login scenario the average person will encounter when securing an online account. You can also store up to 100 passkeys on the device.
Who It's For
Beginners and non-tech-savvy customers: The Security Key NFC is our Editors' Choice winner for hardware security keys and our top choice for anyone looking to try hardware security keys for the first time, because it is intended to work for most people. Yubico also offers helpful videos on its website to guide new customers through hardware security key enrollment on various platforms.
Individuals and families: Yubico's Security Key NFC is our recommended security key for first-time buyers and anyone who doesn't want to pay for a lot of extra features. It can authenticate your identity online and store up to 100 passkeys, which are accessible via Yubico's desktop and mobile apps.
Specs & Configurations
Authentication Specifications FIDO U2F Authentication Specifications FIDO2 Authentication Specifications WebAuthn/CTAP Connector USB-C Wireless Specification NFC Learn More Yubico Security Key C NFC Review -
-
Credit: Kim Key
![Google Titan Security Key]()
Best for Google LoyalistsGoogle Titan Security Key
Pros & Cons
The only MFA hardware that Google is willing to put its name on is the USB-C/NFC Titan Security Key. It's an MFA device designed for everyday and first-time users. The sleek, rounded Titan Security Key is ideal for those who are turned off by Yubico's square-edged, utilitarian design.
Why We Picked It
Pricing: Google sells the USB-A/NFC key for $30 and the USB-C/NFC key for $35.
Appearance: The USB-C Titan Security Key is lozenge-shaped and made of white polycarbonate with silver accents. The device has no moving parts or batteries and doesn't require a network connection. At one end is a standard USB-C connector, and at the other is a zinc-alloy-reinforced hole for threading a key ring. Just above the connector is a small LED that flashes when the device is connected, and above that is a silver, touch-sensitive circle.
Key features and supported protocols: In addition to serving as MFA for your online accounts, Google's Titan key provides substantial passkey storage, up to 250 resident passkeys. The Titan Security Key doesn't have a built-in way to browse all the passkeys or remove them from the device, which isn't a big deal because you get a lot of storage for them.
Who It's For
Google fans: The Titan Security Key is affordable and, most importantly, comes with Google's endorsement. Trust is important when authenticating your login sessions, so Google's recognizable name and massive online presence may carry a lot of weight with certain customers.
Specs & Configurations
Authentication Specifications FIDO2 Connector USB-A Connector USB-C Wireless Specification NFC Learn More Google Titan Security Key Review -
-
Credit: Kim Key
![Kensington VeriMark NFC+ USB-C Security Key]()
Best Plug and Play FunctionalityKensington VeriMark NFC+ USB-C Security Key
Pros & Cons
The Kensington VeriMark NFC+ USB-C Security Key offers phishing-resistant protection and works with every device you own.
Why We Picked It
Pricing: Kensington's VeriMark NFC+ line is available with an unshielded USB-A connector, which retails for $49.99, and a USB-C connector, which costs $54.99.
Appearance: The USB-A and USB-C models differ significantly, with the USB-A key wider and flatter than the USB-C key. Both have gold sensors in the center of the key, and are rated IP68, so they're dustproof and can survive brief water immersion.
Key features and supported protocols: Kensington VeriMark NFC+ USB-C Security Key supports FIDO CTAP 2.1 and FIDO CTAP2 authentication standards. It also requires a tap via USB-C or NFC, making it incredibly difficult for anyone to get into your accounts without physical access to the key. The keys also support passkey storage, Apple ID logins, U2F, and smart card authentication (PIV).
Who It's For
Beginners and home users: The Kensington VeriMark NFC+ USB-C Security Key is best for general use at home or work, rather than high-security environments that require accessing a lot of different security protocols.
People who want an easy setup process: You don't need to install any drivers or software to use the Kensington VeriMark NFC+ USB-C Security Key. The VeriMark keys will work with just about every device or platform you use, from ChromeOS to Windows. If you want to log in to your computers without your hardware security key, you can download the VeriMark Companion app to sign in with your phone.
Specs & Configurations
Authentication Specifications FIDO2 Authentication Specifications Smart Card Connector USB-A Connector USB-C Wireless Specification NFC -
-
Credit: Kim Key
![Yubico YubiKey C Bio]()
Best for Biometric AuthenticationYubico YubiKey C Bio
Pros & Cons
The YubiKey C Bio has Yubico's trademark build quality and can store passkeys and authenticate your identity, just like other security keys, but it also features a fingerprint scanner for added security.
Why We Picked It
Pricing: The Bio series consists of two key models: the USB Type-A version, which features an unshielded USB-A connector, and the USB Type-C version. The FIDO edition of the Bio key costs $98. There's also a multi-protocol version of the key, available only to enterprise customers.
Appearance: Yubico's Bio keys are small, sleek, and black, with gold metallic accents and a round fingerprint reader. The keys are IP68-rated and crush-resistant, and do not require batteries.
Key features and supported protocols: Yubico's Bio series supports the FIDO2, WebAuthn, and FIDO U2F standards, which are the most widely used MFA methods. You'll sign into your accounts using either a PIN or the fingerprint reader.
Who It's For
People who need biometric login capability: What you're paying for with this device is its biometric protection. Make sure that's explicitly what you want before buying. The biometrics key supports the same authentication standards as the lower-priced, non-biometric Security Key C NFC from Yubico.
Specs & Configurations
Authentication Specifications FIDO U2F Authentication Specifications FIDO2 Authentication Specifications WebAuthn/CTAP Biometrics Connector USB-C Wireless Specification None Learn More Yubico YubiKey C Bio Review -
-
![Yubico YubiKey 5C NFC]()
Best for MFA ExpertsYubico YubiKey 5C NFC
Pros & Cons
The YubiKey 5 Series keys have the rugged build quality characteristic of all Yubico devices. The keys also do more than just provide MFA and passwordless login; they also function as Smart Cards and store static passwords and OpenPGP keys.
Why We Picked It
Pricing: The keys in this series all communicate differently with your devices depending on their connection capabilities, and the prices vary, too. The 5Ci, for instance, has Apple Lightning and USB-C connectors and costs $85. The 5C NFC features a USB-C connector and NFC capabilities, enabling it to communicate with nearly any device, regardless of brand, and costs $58.
Appearance: The YubiKey 5C NFC is made of sturdy black plastic with a textured finish. With no batteries and no moving parts, the YubiKey 5C NFC is durable and water-resistant. Its single interface is a gold disk emblazoned with a Y. The disk responds to your tap, but it is not a fingerprint reader.
Key features and supported protocols: The YubiKey 5C NFC supports WebAuthn, FIDO2 CTAP1, FIDO2 CTAP2, Universal 2nd Factor (U2F), Smart card (PIV-compatible), Yubico OTP, OATH – HOTP (Event), OATH – TOTP (Time), OpenPGP, and Secure Static Passwords as authentication protocols.
Who It's For
Enterprise customers: The YubiKey 5C NFC's support for a wide range of protocols makes it ideal for business users. The key works with many enterprise-level services, including AWS Identity and Access Management (IAM), Duo Security, ForgeRock, Idaptive, Microsoft Azure AD, Okta, OneLogin, and Ping Identity.
MFA experts: For the price, the YubiKey 5C NFC doesn't make sense for most people who simply need to secure their online accounts or are new to using a security key. It's a better choice for someone with very specific needs or who's savvy enough to learn how to use all its features.
Specs & Configurations
Authentication Specifications FIDO U2F Authentication Specifications FIDO2 Authentication Specifications HOTP/TOTP Authentication Specifications Open PGP Authentication Specifications Smart Card Authentication Specifications Static Password Authentication Specifications WebAuthn/CTAP Authentication Specifications Yubico OTP Connector USB-C Wireless Specification NFC Learn More Yubico YubiKey 5C NFC Review -
Compare Specs
Our Pick | ||||||||
Rating |
5.0 Exemplary |
4.0 Excellent |
4.0 Excellent |
4.0 Excellent |
4.0 Excellent |
5.0 Exemplary |
4.0 Excellent |
4.0 Excellent |
Best For | Best Overall | Best for Google Loyalists | Best Plug and Play Functionality | Best for Biometric Authentication | Best for MFA Experts | Best Overall | Best for Google Loyalists | Best Plug and Play Functionality |
Biometrics | ||||||||
Authentication Specifications | FIDO2, FIDO U2F, WebAuthn/CTAP | FIDO2 | FIDO2, Smart Card | FIDO U2F, FIDO2, WebAuthn/CTAP | FIDO U2F, FIDO2, WebAuthn/CTAP, Smart Card, HOTP/TOTP, Open PGP, Static Password, Yubico OTP | FIDO2, FIDO U2F, WebAuthn/CTAP | FIDO2 | FIDO2, Smart Card |
Connector | USB-C | USB-C, USB-A | USB-C, USB-A | USB-C | USB-C | USB-C | USB-C, USB-A | USB-C, USB-A |
Wireless Specification | NFC | NFC | NFC | None | NFC | NFC | NFC | NFC |
Buying Guide: The Best Hardware Security Keys for 2026
How Do You Use a Security Key?
Most security keys are small, key-sized devices that uniquely identify themselves to sites and services. To use a security key, enroll it with each site or service you want to protect. Keep in mind, though, that while support for security keys is increasing, they are still not accepted by every website.
Key enrollment steps vary, but the process typically follows this sequence: Within the online account's settings, there is an option to enroll a security key. Click it, insert the key, tap the key's button when prompted, and assign a name to the key's record so you know what it is. Some sites and services limit you to just one key, while others allow or even require multiple keys. Many sites require you to enable an alternative form of MFA or generate one-time-use security codes as backups to your primary key.
Next time you log in, you'll need to enter your security key after entering your username and password. Connect the key to your computer or device through a data transfer connection—typically USB-A or USB-C—and then press a button on the device, or touch a biometric reader to verify that you're a real person. Some hardware keys include wireless communication capabilities, usually through near-field communication (NFC), to interact with mobile devices.
Which Hardware Security Key Is Best for You?
The first thing to consider when choosing a security key is how it integrates with the rest of your devices. If you don't have any devices with a USB-C connector, it's best to stick with keys that have a USB-A connector. If you want to use your key with mobile devices (and you should), select a key with a connector that fits your phone, or choose NFC if your phone supports it.
Consider any budget restrictions, too. The most expensive keys we've reviewed cost up to $95. If you're new to hardware security keys, we strongly recommend starting with a less expensive key and upgrading later. The Security Key C NFC from Yubico and the Google Titan Security Key work well for basic MFA and support NFC on mobile devices. Either is great for first-time buyers.
Most security keys just authenticate you, and that's enough. But some go further with additional features. High-end YubiKeys offer numerous additional features, including the ability to play back a static password, integration with desktop or mobile apps to generate app-generated passcodes, support for PGP key management, and support for their own one-time passcodes.
What Is Multi-Factor Authentication?
Multi-factor authentication, also known as MFA, two-factor authentication, or 2FA, enables you to verify your identity using multiple factors. You should authenticate your login using at least two of these factors:
- Something you know
- Something you have
- Something you are
Something you know is typically a password. It lives in your head and is ideally known only to you. Something you have could be a security key, such as those we've listed here, an authenticator app on your phone, or a code sent to your phone via SMS. It's something not easily accessible or obtainable for a stranger. Finally, something you are is a physical characteristic that can be read with a biometric scan, such as a fingerprint or your face.
It's highly unlikely that an attacker will have access to more than one of these authentication methods, making it harder for malicious actors to take over your accounts. It's been proven in the real world, too. When Google required employees to use hardware MFA keys, account takeovers effectively ceased.
Remember that MFA of any kind can't protect against all the security dangers the modern world presents. We strongly recommend using antivirus software and a password manager to create unique and complex passwords for each site and service you use.
How Do Hardware Security Keys Work?
The most widespread means of hardware security key authentication is based on FIDO Alliance standards. All these standards do fundamentally the same thing: They use asymmetric cryptography to authenticate you to a site or service.
Each device can generate any number of public keys from its private key without exposing the private key. That allows a single hardware key to be used for multiple sites and services, but most importantly, it means that a failure or change at any one site or service won't affect the others. You can easily remove and enroll your hardware key as many times as you like.
When shopping for a hardware security key, look for at least FIDO U2F certification, as it ensures the key works in nearly every basic security key context. FIDO2/WebAuthn are next-generation standards that support additional authentication methods. If you want to use a device for biometric MFA or passwordless login, you need FIDO2/WebAuthn.
Are Security Keys Safe?
So what happens if your key is stolen or lost? In the theft scenario, it's unlikely someone would have the means to track down an individual user and steal their security key. Most cybercrime is committed en masse, with thousands or millions of compromised accounts. One security key isn't worth the effort.
That said, a determined attacker could use a stolen key to access your accounts. That's why you should keep your key safe and use strong, password-protected passwords in a password manager. If the thief obtains the key but can't crack your password, they still won't get in.
It's far more likely that you lose your key, and that can be a real problem. Yubico recommends enrolling a second key and storing it as a secure backup. Many services that support security keys also allow (and some require) you to enroll multiple MFA factors, so you could set up an authenticator app as a backup MFA option and use that if you don't have your key.
Many services let you generate backup codes to write down and store offline or in a password manager. These codes grant you access in emergencies. If none of that works, find a device where you are still logged in and unenroll the key or add a new MFA factor you do have. The bottom line is that losing your security key is not the end of the world.
Passkeys vs. Security Keys
Passkeys are a secure authentication system that may one day replace passwords. Several major players have thrown their weight behind this technology, making it far more likely to catch on than any other previous effort to replace passwords. Apple, Google, and Microsoft have all added support for passkeys to their platforms. If you want to try using passkeys to log in, check out our instructions for creating passkeys for your Google or Apple account.
A super-secure authentication scheme might sound like a death knell for security keys, but that's not the case. Some security keys can store passkeys, keeping them safe and separate from your phone or computer. The number of passkeys a security key can store will vary. For example, Yubico's YubiKey Bio keys hold 100 passkeys each, while Google's Titan key has enough room for 250.