MORE TOPICS FOR YOU...
The authentication method we’re most familiar with involves a username and a password. But passwords pose several problems, even if you enact good password hygiene practices.
For starters, we aren’t good at remembering passwords and even worse at creating strong ones. Secondly, most users tend to reuse the same password for multiple accounts. So, if one account is compromised, the rest of the accounts are at risk too.
To counter these risks, we suggest using a hardware security key. But with so many security keys available, picking the right one can be tricky. So, here are the best security keys we could find in the market.
1. YubiKey Series
Yubico is the industry leader when it comes to hardware security keys. The company offers security keys that cater to a wide range of users, from individual home users and developers to businesses and large enterprises. Some popular YubiKey versions include:
-
YubiKey 5 NFC
The YubiKey 5 NFC is a compact, lightweight, and durable key and is compatible with many services, including Facebook, Google Chrome, Dropbox, LastPass, and more. The YubiKey 5 NFC also supports many security protocols, including OpenPGP, FIDO U2P, OTP, and Smart Card.
-
YubiKey C Bio
The YubiKey C Bio is one of the few keys featuring biometric authentication. The key stores your biometric information in a separate secure element using a three-chip architecture. You can set up a PIN and use it when biometrics aren’t supported. The key comes in USB-A and USB-C form factors and supports U2F and FIDO2. Unfortunately, the Bio series doesn’t work with LastPass, which may be a dealbreaker for some users.
-
YubiKey 5 Nano
If you’re looking for a compact hardware security key around, this should be it. The YubiKey 5 Nano comes in USB-A & USB-C form factors and supports various security protocols, including OTP, FIDO U2F, OpenPGP, OATH-TOTP, & -HOTP. The tiny size, however, comes at a cost. Unlike other YubiKeys, the Nano key isn’t crush-resistant and doesn’t work with mobile devices.
2. Kensington VeriMark
The Kensington VeriMark fingerprint key uses biometric technology with 360-degree readability and anti-spoofing protection. It supports up to 10 fingerprints so that multiple users can log into the same device.
The compact scanner with a dongle form-factor is built with portability in mind. It measures only 1.2 inches length-wise, so you can attach it to a keychain without feeling its weight. You can even leave it connected to your laptop as you slip it into a bag during a commute.
The Kensington key supports many protocols and works well with cloud-based accounts like Dropbox, GitHub, Facebook, Google, and more. On the flip side, it lacks NFC support and compatibility with macOS and Chrome OS.
3. Google’s Titan Security Key
The Titan key is Google’s version of a physical security key for newcomers who want to protect their accounts with multi-factor authentication. It offers USB-C and NFC support, so you can be sure it will work with just about any device.
Although the key doesn’t read fingerprints, you can tap the center to confirm when logging into sites. It supports the FIDO U2F protocol, which is an older protocol and puts the Titan key at a disadvantage compared to other hardware security keys.
Google’s Titan key doesn’t support biometrics, unlike the Kensington VeriMark key or YubiKeys. But thanks to this, the Titan doesn’t need any set-up. To use the key, all you need is to navigate to a site that supports hardware keys, add the Titan key to your account, follow the directions, and you’re good to go.
4. CryptoTrust OnlyKey
The CryptoTrust OnlyKey has some unique features that its competitors lack. Starting with the design, the OnlyKey offers an onboard keypad designed to bypass keyloggers. Since you enter the characters of your password from the key itself, your accounts are safe even if the device or website is compromised.
You can even protect your passwords with an additional PIN, which makes OnlyKey a proper multi-factor authentication device. It also includes a password manager and other features like self-destruct and encrypted backup. The self-destruct feature protects you against brute force attacks as it wipes your device after many incorrect attempts.
The CryptoTrust OnlyKey is a bit bulkier than its competitors and has a clunkier interface. While it isn’t a major dealbreaker, it may put some users off.
5. Apple Passkeys
Passkeys is Apple’s version of the security key to ensure a fast and secure authentication method. This new authentication technology relies on Touch ID and Face ID to authenticate users without having to enter a password. While this feature doesn’t involve a USB stick, it relies on your device to authenticate. Here’s how Apple’s Passkeys work:
Once you enable the feature for a website or an app, the passkey will be stored on the computer or phone you used to set it up. You can sync it across all your devices using iCloud Keychain. And when you want to sign in to a non-Apple device or a computer you don’t even own, you can scan a QR code with your iPhone to complete the authentication process.
Apple’s Passkeys login method will be available starting with iOS 16, iPadOS 16, and macOS Ventura. It will protect users against phishing attacks by eliminating the use of passwords.
Since this technology is still in its early stages, it’s unlikely that websites and apps will force users to use passkeys right away. They will be used alongside passwords initially but are bound to go mainstream in the future.
Are Hardware Security Keys Worth It?
Hardware security keys aren’t perfect. Not all sites support them, and they can be tricky to set up. They are also not ideal for users who tend to lose things.
But security keys are still safer than the traditional MFA methods. SMS-based recovery codes are prone to SIM jacking attacks, while authenticator apps have their own issues. Hardware-based security keys are much easier to use and provide better security in comparison.
We recommend using at least two physical security keys; one for daily use and a backup key that you could use in case you lose your everyday key.
Security
