Strong and unique passwords are a must to secure your online accounts. After all, they’re one of the best ways to prevent hackers from guessing your credentials and having easy access to your personal information. Unfortunately, good password hygiene isn't enough. No matter how strong your password is, cybercriminals can still access your credentials by hacking websites themselves. This is where two-factor authentication comes into play. Two-factor authentication works as a second security layer that prevents hackers from accessing your account even when they have your login information. One method is using USB security keys, which use an open authentication standard protocol and can resist physical attacks aimed at extracting data from the key itself. Moreover, since hardware security keys verify your identity and the login page URL, they protect you from phishing websites. The best part is that they’re affordable, easy to use, and small enough to fit in your keychain.
Recommended Hardware Security Keys
There are many hardware security keys on the market. While some are easier to use, others come with neat added extra features. Here, we’ve picked some of the most impressive security keys.
Don’t let the slim flash drive look deceive you: YubiKey is one of the best USB security keys on the market. It works with many online apps such as Chrome, Facebook, any FIDO-compliant apps, and more. It also works with some of the most popular password managers out there like Keeper, Dashlane, LastPass, and 1Password. Additionally, the key has multi-protocol support including FIDO2, FIDO U2F, Yubico OTP, and OpenPGP. It fits USB-A ports, but also offers touch-based authentication for NFC-supported Android and iOS devices. Plus, YubiKey is tamper-, water-, and crush-resistant, making the hardware extremely durable. You can add this USB security key to your keychain for as low as $45.
Although the Thetis security key comes at a lower price – $20.99 – it doesn’t support as many websites as YubiKey. So while Thetis works with any website that supports U2F protocol, it isn’t compatible with email clients and doesn’t support any other protocols such as UAF or OTP. Even so, Thetis is extremely durable due to its 360-degree rotating metal cover and aluminum alloy, which protects it from drops, bumps, and scratches. It works with some of the most popular password managers too, including Dashlane and 1Password. Last but not least, this USB security key connects to iOS and Android phones via Bluetooth.
If you’re looking for an open-source solution, SoloKey is the one to get. For $35, SoloKey secures your logins with two-factor authentication on anything that supports FIDO2 or FIDO 2UF, such as Google and Dropbox. Of course, this also means that it works with any password manager that supports FIDO U2F. With SoloKey you just need a computer with a USB-A slot or an NFC connection to use it on the go. A neat extra is that you can personalize your SoloKey, as the hardware is available in multiple colors and businesses can have their logo printed on the keys.
How Do USB Security Keys Work?
Hardware security keys are extremely easy to set up and use. The key uses an authentication method called U2F, which responds to a challenge issued from the browser – including verifying the domain name of the website you’re trying to log into. Due to this, USB security keys come with the perk of protecting you against phishing attacks, as the hacker would need to control the domain name or the browser itself to get a usable signature from the key.
But there are more advantages to using USB security keys as your two-factor authenticator. They’re the most reliable two-factor authenticators available as one-time code text messages can be viewed or redirected while en route to your phone. Also, someone who tricks you into entering your password and an authenticator code into a bogus website can use that information to get into your email account. On the other hand, hardware security keys are extremely difficult to hack. While there have been a few rare cases where criminals were able to clone specific security keys, hackers usually need to physically have your key with them to access your protected accounts.
Many websites and password managers support USB security keys. In fact, any online app that supports U2F can be unlocked with a security key. This includes Twitter, Dropbox, 1Password, and many more.
Are Physical Security Keys Safe?
When it comes to two-factor authentication, physical security keys are the safest option. But that doesn’t mean they’re bulletproof. Like everything, USB security keys come with their fair share of limitations that you should consider. But bear in mind that most are easily avoided.
The first restriction is that not all websites support this type of authentication. In other words, you’ll always need to have a backup plan for platforms that don’t work with hardware security keys. Also, since security keys are quite small they’re very easy to lose. So, it’s important that you always configure websites to have a second option in case you lose the key.
Security keys can also get stolen. Fortunately, this hardware doesn’t replace your password completely, and a criminal will need to know your credentials to access your account. Still, if you do lose your key, go to the company’s website to cancel it as soon as possible.
Using Security Keys To Protect Your Passwords
Just because you’ve got a security key, it doesn’t mean you can go easy on your password hygiene. USB security keys should be used as a second layer of protection. In other words, you still need to make sure you’re using strong and unique passwords for all your accounts. Let’s not forget that some platforms don’t even support these keys yet, which makes them easy targets for hackers.
Fortunately, password managers offer everything you need to make sure your credentials are hacker-proof. They tell you which passwords need to be updated, whether any of your accounts have been part of a data breach and generate completely random passwords that hackers would never be able to guess.
The best part is that several password managers work with security keys. Dashlane, Bitwarden, Keeper, and LastPass are just some of the many examples. The setup depends on the provider you’re using, but the process is usually simple. You just need to go to the password manager’s settings and follow the instructions to ensure your credentials are safe.
Best Password Managers of 2024
|Editor's Choice 2024
Get the Best Deals on Password Managers
Subscribe to our monthly newsletter to get the best deals, free trials and discounts on password managers.