Updated May 2022
Why trust BestReviews?
BestReviews spends thousands of hours researching, analyzing, and testing products to recommend the best picks for most consumers. We only make money if you purchase a product through our links, and all opinions about the products are our own. We buy all products with our own funds, and we never accept free products from manufacturers.

We recommend these products based on an intensive research process that's designed to cut through the noise and find the top products in this space. Guided by experts, we spend hours looking into the factors that matter, to bring you these selections.


Buying guide for best security keys

Web security can be a scary thing. As we move more and more of our personal information into the cloud for convenience, it becomes increasingly important to make sure that our data is secure.

Unfortunately, a password is no longer enough. Sophisticated attacks and unexpected data breaches are so commonplace now that if you want to stay safe, you’ll need to take additional measures. Thankfully, the web security industry has created a new standard that anyone can use to protect their online accounts from unwanted intrusions: two-factor authentication (often referred to as 2FA).

Two-factor authentication creates another safeguard beyond your password. In a 2FA transaction, after entering your username and password, you’re prompted to confirm the access request through a different medium. For example, many banks use SMS-based 2FA, and text you a numeric code to enter to access your account after you’ve entered your password. In other cases, users can use smartphone apps as a second-factor device, so they can confirm logins with a single tap.

The most secure form of two-factor authentication is with a separate physical device, and the gadgets dedicated to the task are known as security keys.

Phone-based passcodes are another form of multi-factor authentication. Once you log in, a series of numbers is sent to your phone that you must enter after your password to gain access. Security keys are considered superior and more secure because they verify transactions over the internet, whereas phone-based passcodes do so over landlines, which are much easier to hack.

Using a security key to protect your online accounts

Security keys work with hundreds of online account services, including Google’s Gmail, Facebook, Twitter, and Dropbox. The setup process for each will vary slightly, but in each case, you’ll need to research how to set up two-factor authentication and follow the provided instructions. Once you’ve successfully registered your security key as a second-factor device for your login, here is how logins work:

  1. Enter your username and password, as always. This part stays the same, but it’s still important to remember the best practices of passwords: never use the same password on more than one account; use a random string of letters, numbers, and characters as your password whenever possible; and change all of your passwords regularly.

  2. Insert your security key into an open USB port. Any open port on your computer will do.

  3. Tap the security key to confirm your access request. Each security key has a physical sensor that’s waiting for you to tap it in order to get access. By tapping your security key, you’re essentially saying, “Yes, I confirm this is me.”

That’s it! With a security key, you’ve got an added layer of security – people with your password won’t be able to get in – and the only extra step is a single tap.

Did you know?
Some in the web security industry refer to security keys as U2F devices, which stands for Universal Second Factor. While the terminology may differ based on context, in reality, they’re the same thing.

Security key prices

Security keys aren’t super expensive, but they’re not all the same. Keep these price ranges in mind as you’re comparing models.

Inexpensive: You’ll find some good options for basic protection between $15 and $29. Models in this price range are a little flimsy and are sometimes missing bonus features like support for Smart Card networks. If you’re only protecting a handful of accounts, a cheaper model will suffice, but given that better models are only a few dollars more, it might be worth it to spring for a better one.

Mid-range: The best values in security keys fall between $30 and $49. Security keys in this price range are made with higher-quality materials, so they’re less likely to get scratched (and they work based on an exposed copper connection, so durability matters). Most users won’t need to spend more than $50 to get a security key that will function for years to come.

Expensive: You’ll encounter overpriced security keys costing between $50 and $75 that don’t offer anything more than other models, and they can sometimes be dangerous copycats. Some manufacturers rely on consumers thinking that more expensive models must be of higher quality, but that is definitely not the case with security keys.

Expert Tip
As a further measure against identity theft, consider signing up with a credit monitoring service. These services alert you whenever someone tries to use your social security number, so you can short-circuit identity theft attempts.


  • Use a password management service, and use only randomly generated passwords. This will help keep your online accounts even more secure. Don’t count on your brain to remember all of your passwords – there’s an app for that. Third-party password manager services like LastPass, Dashlane, or 1Password allow you to access your passwords when you need them with one master password. That’s not as scary as it sounds: you can use a security key to protect your password manager, and most password managers have built-in password generators, so you can update your existing passwords so they’re not guessable.

  • Buy a security key that matches your computer’s USB ports. Security keys are designed to occupy an available USB port on your computer, but USB standards are changing, so it’s important to verify compatibility before you buy. Most laptop and desktop computers have USB 2.0 or USB 3.0 ports, which have been the standard for years, but they’re slowly giving way to USB 3.1 ports, which use a completely different form factor. Before you start shopping, confirm if you’ll be using your security key in a USB 2.0, USB 3.0, or USB 3.1 port.

  • Update your critical passwords at least once every six months. And update your less important passwords at least once a year. Keeping your online accounts secure will always be an ongoing effort, so it’s important to never think of yourself as “done” with your safety efforts. To protect yourself from breaches or anyone else who may know your passwords, update them on a regular basis.

A single security key can work with multiple accounts, so there’s no need to buy more than one.


Q. What’s the difference between a security key and a fingerprint reader?

A. Both security keys and fingerprint readers are devices that require physical contact in order to give you access to an account, but the similarities end there. A fingerprint reader stores a copy of your fingerprint on your local machine, and then verifies that your finger is a match every time you log in. Fingerprint readers are used almost exclusively to give users physical access to their computers, while security keys are used with web services and online accounts. A security key relies on the user to tap it, and while it will accept a tap from anyone, it verifies access in the cloud.

Q. What happens if my security key gets lost, stolen, or damaged?

A. Most web services that support security keys will provide you with a set of backup codes during your initial setup. Backup codes are for instances when your security key isn’t available, so it’s important to keep them safe. If you lose access to your backup codes, you’ll need to go through access verification with the service in question – most will make you go through a lengthy process to prove who you are, but they can eventually restore your access.

Q. Can I use a security key with my computer login?

A. Yes. Many security key manufacturers, including YubiKey, make security keys that work with both the Windows 10 operating system and Apple’s OS X operating system, so you can make sure that no one who shouldn’t be is logging in to your computer. To learn more, visit your security key manufacturer’s website.
