The best security keys of 2026: Expert tested and reviewed

Usernames and passwords are the first line of defense for your online accounts. However, against brute-force attacks, data breaches, sophisticated phishing, and now AI-based automated attacks, they are often far from sufficient.

In response to modern cyber threats, many online companies and services have implemented two-factor or multi-factor authentication (2FA/MFA) and passwordless authentication, which make it more difficult to compromise an account. However, if you need to go further, a security key is your best bet.

Even if a cybercriminal has obtained your username and password or compromised your mobile device, they won't be able to infiltrate your account without access to the physical key. If you are considered more at risk than the average user, some service providers may require you to purchase one. They can be complicated to set up, unfortunately, but the improvement in your personal security can be worth it.

Also: How passkeys work: The complete guide to your inevitable passwordless future

In ZDNET's January update, we overhauled our recommendations and included the Thetis Pro FIDO2 security key as one of our top picks. We also refreshed our FAQs and provided more information on the state of security key security in 2026.

Get more in-depth ZDNET tech coverage: Add us as a preferred Google source on Chrome and Chromium browsers.

Show more (7 items)

Best anti-virus deals of the week

Deals are selected by the CNET Group commerce team, and may be unrelated to this article.

What is the best security key right now?

Our favorite security key is the Yubico YubiKey 5C NFC. It offers excellent security and convenience, making it a worthwhile investment for anyone looking to safeguard their online accounts. This $55 key is compatible with a wide range of protocols and can be configured to provide easy authentication on mobile devices.

The ZDNET team has tested many security keys and frequently tracks market developments. Many of us use security keys ourselves and rely on our personal experience, customer feedback, and extensive research to inform our recommendations. These are the best security keys available in 2026.

The YubiKey 5C NFC combines USB-C connectivity with the versatility of wireless NFC, enabling broad compatibility with a wide range of devices -- making it our top choice for most users.

Why we like it: It is FIDO-certified, which allows it to work with Google Chrome and any FIDO-compliant application on Windows, MacOS, or Linux. Additionally, the use of NFC and the Yubico Authenticator app makes it compatible with mobile devices, allowing you to authenticate quickly via your smartphone or tablet. Tap and go, and you're done.

The YubiKey USB authenticator supports multiple protocols, including FIDO2, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, and OpenPGP. Considering it is also dust-, water-, and tamper-proof, this key is a great all-rounder for your security needs.

Who it's for: I consider this security key the best option for most users to improve their privacy and security.

Customer feedback indicates that this popular key's NFC functions are convenient, especially for mobile use, and it is an excellent option for two-factor authentication.

Who should look elsewhere: Each key costs $58, which may influence your decision, as you should consider investing in two to ensure you have a backup available in case you lose your first key.

Show Expert Take Show less

The Yubico YubiKey 5 Nano is a discreet, tiny security key that provides the features you need to lock your devices and services while you're on the road.

Why we like it: The key supports PCs and other devices via USB-A and is compatible with the Yubico Authenticator app. However, keep in mind that there is no USB-C support.

This security key is also compatible with various password managers, including 1Password, Keeper, and LastPass Premium. It also supports IAM platforms, cloud storage apps, and social media accounts. The Yubico YubiKey 5 Nano will likely work if an application is FIDO-certified -- and supported protocols also include OATH-TOTP, OATH-HOTP, and OpenPGP.

It is also tamper-, dust-, and water-resistant.

Who it's for: Priced at $68, this is slightly more expensive than many on the market, but if you're looking for one of the smallest, portable, and most discreet keys on the market, this could be the right option for you.

Customer feedback shows that users find the key works well across multiple platforms and consider it straightforward to set up and use.

Who should look elsewhere: If you need NFC compatibility, this key isn't the right choice, so check out another of my recommendations.

Show Expert Take Show less

The Google Titan security key line, which supports up to 250 passkeys, is an affordable way to bolster your online security.

Why we like it: The $30-$35 key, available in both USB-A and USB-C variants, is FIDO-compliant and supports most Android and iOS devices (Android 9.0 or above, iOS version 13.3 and up), as well as most devices that run browsers including Google Chrome, Firefox, Edge, and Safari.

If you're looking for a key suitable for most platforms, including Google services, this key is for you. As a bonus, it is reasonably priced.

Also: Hands on with Google's new Titan Security Keys - and why they still have their place

Titan security keys are compatible with Google's Advanced Protection Program. This is a scheme you may be required to join if you are considered at higher risk of cyberattacks -- including phishing and email-based attacks -- than the average consumer. Compatibility requirements are listed here.

Setup is easy, but we've found on occasion you may end up in verification loops when you try to register a new device with your key. Customers generally give positive feedback, but note the key is bulky compared to rival products.

Who it's for: If you are part of Google's Advanced Protection Program, this is one of the easiest ways to meet its requirements.

Who should look elsewhere: It's not easy to set up and can be frustrating, so if you want something easier, look at another of my top choices.

Google Titan security key f****eatures: FIDO-certified security key | USB-A/NFC, USB-C/NFC | Supports 250 passkeys | Multi-platform | Works with Google's Advanced Protection Program

Show Expert Take Show less

The Thetis Pro FIDO2 Security Key is my top choice for connectivity, as it comes with USB-A and USB-C ports.

Why we like it: This FIDO2-compatible device is key with USB-A, USB-C, and mobile NFC connectivity.

It is compatible with Windows, macOS, Android, and iOS, alongside a wide range of services, including Google's suite, social media platforms, Dropbox, and AWS. You can use this key for passwordless authentication, one-time passcode storage, and you can also integrate your Thetis Pro with various password managers.

FIDO2's main benefit is providing passwordless authentication. You'll find the most compatibility with desktop and PC applications, as iOS and Android sometimes impose more restrictions on functionality, and so you should always check compatibility requirements ahead of purchase.

Overall, this security key is very reasonably priced at around $30 as it is currently on sale.

Who it's for: What makes this key stand out is its USB-A and USB-C ports plus easy setup, making it a great option for first-time security key users. I've tested Thetis models in the past and found the setup process is often far less challenging than that of Google's Titan and some YubiKey models.

Customers say that this key provides excellent value for money, although some dislike the bulky nature of this key.

Who should look elsewhere: There are some known limitations, such as with Windows Hello logins and some ID systems. Check for compatibility, and if your chosen service isn't supported, check out another of my recommendations.

Show Expert Take Show less

The YubiKey Bio FIDO Edition is best suited for businesses looking to implement passwordless multi-factor authentication.

Why we like it: It's small, sleek, and provides support for passwordless login protocols. It can also be quickly deployed. Once you've set it up, plug it into a USB-A port, press the fingerprint sensor, and you're finished. You can also use a backup PIN, which can be useful if you accidentally damage your key's reader.

This option is compatible with numerous services and platforms businesses rely on, including Microsoft and Google suites, Linux, 1Password, Okta, Proton, Facebook, and Bitwarden.

However, there are limits to be aware of: while this is a FIDO-certified model, it lacks NFC and is USB-A only.

Who it's for: Businesses of all sizes that want to provide better security and authentication without jumping through too many hoops.

The company also offers a Yubico subscription to businesses that want to provide their teams with keys. This could be the best solution for businesses that need to provide their teams with physical security keys. Customers say customer support could be improved.

Who should look elsewhere: If you need a USB-C connection or NFC support, consider one of my alternatives.

The key is also expensive, retailing at $98.

Show Expert Take Show less

The $53 Kensington VeriMark Gen2 utilizes advanced biometric technology, offering excellent performance, 360-degree readability, and anti-spoofing protection.

Why we like it: With Microsoft's built-in Windows Hello feature, you can log into your Windows 10 or 11 computer using your fingerprint. This works for businesses, too. Users can store up to 10 fingerprints, allowing multiple individuals to access the same computer without needing to remember different usernames or passwords.

Your fingerprint can be used as a second factor for authentication to secure accounts on services such as Google, Dropbox, GitHub, LastPass, and Facebook.

You may need to download additional drivers from Kensington's website for different Windows operating systems. I recently tested this key on a Windows lab machine and found it easy to set up and use, so it may also be a good choice for beginners who want to secure a single machine.

Who it's for: Anyone who wants to secure their accounts and is in the Microsoft Windows ecosystem.

Who should look elsewhere: This key is not compatible with MacOS or ChromeOS, so if you need a reader for these operating systems, look elsewhere.

Kensington VeriMark Gen2 Fingerprint Key f****eatures: Built-in biometrics for added security (Synaptics FS7600) | Compatible with Windows Hello login feature | Compact and unobtrusive design | Stores up to 10 different fingerprints | AES-256/SHA-256 encryption

Show Expert Take Show less

As testers of security keys over the years, we recommend the Yubico YubiKey 5 NFC as the best security key available on the market today. It offers unbeatable security and convenience, making it a worthwhile investment for anyone looking to safeguard their online accounts. However, if this one doesn't suit you, the key features of our other favorites are listed below.

Security key

Price

Connector type

NFC support

Bluetooth support

Waterproofing

Supported services

Compatible devices

Yubico YubiKey 5C NFC

$58

USB-C and NFC

Yes

Water- and dust-resistant

Google Chrome, FIDO-compliant apps

Windows, macOS, Linux, iOS, Android

Yubico YubiKey 5 Nano

$68

USB-A

IP68 water- and dust-resistant

U2F and FIDO2 services

Windows, macOS, Linux

Google Titan security key

$30 - $35

USB-C or USB-A

Yes

No official IP rating

FIDO, Google Chrome services, various apps

Windows, macOS, Android, Google Chrome compatible devices

Thetis Pro FIDO2 Security Key

$30

USB-A, USB-C

Yes

N/A

FIDO2, various apps

Windows, macOS, Linux, mobile NFC

Yubico YubiKey Bio FIDO Edition

$90

USB-A

IP68 water- and dust-resistant

FIDO-enabled services

Windows, Android, Chrome, Linux

Kensington VeriMark Gen2

$50

USB-A

N/A

Google, Dropbox, GitHub, Facebook, and more

Windows

Note: Prices and compatibility information may vary based on location and specific devices. This table is based on the information provided in the given descriptions and is subject to change.

Choose this security key…

If you want…

Yubico YubiKey 5C NFC

The best security key out there with broad versatility and compatibility. This FIDO-certified key is an excellent all-rounder with multi-platform compatibility.

Yubico YubiKey 5 Nano

A high-quality, extremely small security key. This key is a great option if you want a security solution you can take with you on your travels thanks to its tiny form factor.

Google Titan security key

An affordable, multi-platform key suitable for Chrome and Google services, Android, and iOS apps. Users can store up to 250 passkeys.

Thetis Pro FIDO2 Security Key

A security key suitable for beginners that also provides dual-port connectivity. It's also great value for money while it's on sale.

Yubico YubiKey Bio FIDO Edition

The best biometric-focused key for organizations that want to use passwordless authentication, considering its compatibility with services including Bitwarden, Okta, Google, Microsoft, and more.

Kensington VeriMark Gen2

A simple Windows USB-A security key with strong built-in biometrics. This key is discreet, compact, and user-friendly, although it has limited compatibility and isn't suitable for macOS or ChromeOS.

Security keys are an investment of time and money, so it is best to select the right one for you before connecting it to your online accounts, especially since rolling back this decision can be a lengthy process. While you're deciding what security key is right for you, consider the following factors:

Service compatibility: Ensure that the key you're interested in is compatible with your primary services, such as your email provider or business tools and platforms.
One, or two?: We recommend that you purchase a key and a backup. You can often buy two packs of security keys, but in some cases, you may have to spend more. A backup key stored in a safe place is crucial to preventing accidental lockout of your accounts.
Security standards: Security keys should comply with modern standards, including FIDO2. Check that your choice meets these standards to ensure you receive the best protection possible in return for your investment.
Connectivity: Hardware-based security keys use different forms of connectivity, so you should consider what type works best for you, whether USB-based, Bluetooth, or NFC. For example, some of our recommendations support Bluetooth connectivity, while others are limited to USB-A or USB-C.
Hardware: You might need hardware that complies with particular standards or has specific ports for connecting to your devices, so check your key's specifications before purchase.
Environment: If you plan to keep a security key with your house or car key, for example, opt for a model that is resistant to dust, water, and shocks. This may be especially important if you often travel -- and we would still recommend you leave a backup in a safe place, at home.
Price: Choose a security key that fits your budget, and remember that you will need to purchase two if you want a backup key.

Research has been conducted on security keys we recommend across a wide range of devices and services. While we may not be able to test each individual key across every operating system and online platform, we still conduct frequent testing to ensure they work smoothly and efficiently for a range of use cases.

It was also important to analyze feedback from users who have purchased and used these keys over time. This has helped determine the long-term reliability of each key and identify potential compatibility issues users might encounter.

Our main criteria for selecting these security keys are:

Ease of use: There is often a learning curve associated with adopting a new security mechanism or gadget. We wanted to ensure that the next security key you buy is as close to seamless as possible, with easy setup and reasonable compatibility with devices and online services.
Durability: As a physical device securing the keys to your digital kingdom, the products we recommend mustn't easily break. After all, they should be reliable enough to be a long-term security measure.
Form factors: We include different form factors, such as standard key designs, nano options, and products designed for sub-optimal environments.
Security features: Naturally, the security features of a security key are paramount. We considered each device's support for different authentication protocols alongside security measures, including passwordless authentication and biometrics.
Platform, mobile compatibility: We like to see security keys that are compatible with multiple platforms, including the most popular operating systems. It's always a bonus if NFC and mobile support are available.
Vendor: Handing part of your personal security over to a company is a big deal, and so we only considered vendors that are generally trusted by users and have a track record of positive feedback.
Price point: The cost of your next security key is an important factor to consider. As they are physical, we recommend that you pick up two, just in case one ends up lost. As a result, we wanted to ensure that we included affordable options -- even if you have to buy twice.

Latest news

The US Department of Justice has announced the seizure of a database containing stolen credentials that was used by cybercriminals in banking fraud.
Cryptocurrency wallet provider Ledger has notified customers of a data exposure incident connected to a third-party payment processor.
Microsoft key users may have to set up a PIN code following recent Windows updates.
If you've been locked out of X for forgetting to reenroll your security key, here's what to do.

A security key is a physical device that generates a unique code used with a password to authenticate your identity when logging into a website or application. It uses public-key cryptography and is more secure than traditional 2FA methods. You usually plug your key into a trusted device to authenticate yourself.

The FIDO Alliance consortium has developed open standards for authentication protocols. The authentication standard is based on public key cryptography.

Devices that are FIDO certified allow users to quickly sign into their accounts using physical keys or biometric passkeys and have also achieved FIDO protection and security standards.

SMS is open to SIM hijacking, while a physical key cannot be copied or the data intercepted.

Think about it this way: 2FA verification codes sent via SMS messaging may be intercepted if your smartphone has been infected with malware, including spyware. But, unless an attacker has your physical security key in their hand, they cannot grab the code required to access your account.

We recommend purchasing at least two -- one that you use day-to-day and one to keep as a backup. For example, you can keep one in your home office or attached to a keychain if you're on the road, while one is stashed safely away to cover you if you lose your primary key.

Security keys are one of the best authentication methods on the market today and they have very little exploitable attack surface, making them difficult to 'hack' in any way. While there are cases of keys being cloned for academic purposes, as security keys are not constantly connected to the Internet, you don't have to worry about the most common attack vectors having any impact on them. Just keep your key in a safe place.

Security keys and tokens use encryption and work only with genuine websites, not phishing domains. Public and private keys work together to authenticate a user session, but the private key is held on the physical device, reducing the attack surface.

Yes, absolutely. Although, the number of accounts can vary depending on the security key you choose. The key's compatibility with different protocols and online services may also determine what accounts you can protect by using one device, but it is still common to use a single security key to protect multiple accounts -- especially in business settings.

We recommend purchasing two, with one as a backup, just in case one is lost or stolen. As they are generally small and portable, you can keep one with you -- together with your house keys, if you like -- or stashed in your wallet.

Alternatively, the safest option is to keep your key at home, perhaps in a convenient location like your office desk drawer. Your backup should be kept in a secure location, free from potential environmental damage.

The answer to this question depends on the provider and the account registered with your key. If you don't have a backup authentication method, such as an authenticator app, try removing the key from your account and registering a new one. If you are locked out, you may also have to contact relevant IT teams or fill out a request, such as the one provided by Google for free Gmail accounts. This can be more complicated if you are part of advanced protection programs.

Absolutely. Cross-platform compatibility is the hallmark of many security key products today, which is especially important considering many of us aren't tied to just one ecosystem or one device. While some security keys work best on one OS or another, or are limited to PCs, most support multiple operating systems.

Latest updates

January 2026: In ZDNET's January update, we overhauled our 2026 recommendations and included the Thetis Pro FIDO2 security key as one of our top picks.
December 2025: In ZDNET's December update, we overhauled our existing recommendations and revitalized our guide with a new editorial layout and a new news section. We also added the YubiKey Bio FIDO edition and Kensington VeriMark Gen2 as top picks.

Alternative security keys to consider

The $18 TrustKey T110 supports FIDO2 and U2F authentication and is compatible with all major browsers. This specific model is not biometric and only comes with a USB-A connector.

Show Expert Take Show less

While it's expensive at $95, the YubiKey C Bio is a great key if you favor biometric authentication. This FIDO-certified alternative contains a fingerprint reader, but there is also the option to set a PIN as a backup.

Show Expert Take Show less

The $68 YubiKey 5C Nano is a great option if you want a discreet USB-C key with a tiny form factor to connect to your laptop. It's not cheap, but as a FIDO-certified key from the Yubico range, you know it will provide excellent protection.

Show Expert Take Show less

OnlyKey is an interesting alternative. This open source $56 security key provides protection and includes a password manager. It is compatible with all major operating systems and is PIN-protected.

Show Expert Take Show less

If you've found our guide on the best security keys useful, explore more of our security coverage with our guide to the best zero trust security platforms in the market, as well as our top picks for the best antivirus software.

Smartphones

Smartwatches

Tablets

Laptops

TVs

Other Tech Resources

Editorial standards

RETRUI

RETRUI

The best security keys of 2026: Expert tested and reviewed

Best anti-virus deals of the week

What is the best security key right now?

Latest news

Latest updates

Alternative security keys to consider