Security keys: what are they and should you use one?

Security keys: what are they and should you use one?

Security keys are a way to add some additional security to your devices

by Kurt Knutsson
image_printPrint this article

We love hearing from you, especially when it comes to important topics like online security. Denise from Bluefield, Virginia, recently reached out with a great question about physical security keys and how effective they are. Here’s what she wrote:

I have a question about the use and effectiveness of security keys. I have looked on your website and did not see a topic on these devices. Could you please do a review of this type of security protection?

Security keys come in several shapes and sizes. They are typically small, hardware-based keys, that can be used to verify your identity and provide access to digital services and accounts. You may have heard of these in the past in relation to cryptocurrency wallets, but they don’t just exist for cryptocurrency. Many services and apps rely on security keys, and physical security keys are becoming increasingly popular in cybersecurity. Let’s get into what security keys are, how they work, and why it might be worth it for you to have one.

Stay protected & informed! Get security alerts & expert tech tips—sign up for Kurt’s The CyberGuy Report now

A press release photo of a Yubico security key laying on a table next to a mobile phone and a laptop.

Credit: Yubico

 

What are security keys?

Security keys can take several forms, but you’ll most commonly see them as small, plastic, physical keys with a USB connector for plugging into a computer. Possessing the physical key allows the website or service you are using to identify you and log you into your account. Employers often issue security keys to people working in environments where they routinely interact with confidential information.

For example, a legal team may issue security keys or key cards for its attorneys’ laptops, and individuals working in cybersecurity may use a security key or card to sign into their workstations in the office. To use a security key, the key must first be enrolled with every site or service you want to protect with the key.

A stock photo of a screen showing a mouse pointer and the word 'Security'.

 

A NEW SECURITY SEAL OF APPROVAL IS COMING TO YOUR SMART HOME GADGETS

 

How security keys are used

While support for physical security keys is becoming more popular, it’s not as widespread as you might think or hope. There’s little standardization with security keys and digital services, so each key may function differently and have a different enrollment process. However, the standard process typically looks like this – somewhere in your account settings for a digital service, you’ll see an option for adding a security key.

Click it and follow the on-screen prompts, which typically require you to tap or insert the security key and create a name for it. You will usually be limited to just one key, but some services and sites allow you to use multiple keys. You’ll also most likely need to create a secondary two-factor authentication (2FA) as a one-time code to backup your physical security key, and provide access to your account even if you lose the key.

Some security keys will also feature biometric features, such as fingerprint readers, to offer additional protection. Many keys now also include wireless capabilities, typically through near-field communication, which allows them to interact with mobile devices such as phones and tablets.

A stock photo showing an encryption program on a screen.

 

TOP ROUTERS FOR BEST SECURITY IN 2025

 

How security keys function

Nearly all security keys on the market utilize the standards set by the FIDO Alliance. Security keys use a system commonly called asymmetric cryptography to encrypt and decode your identity from the security key. While it may sound highly technical, it’s a simple process, and not too dissimilar to how encrypted messaging apps such as WhatsApp and Signal work.

When shopping for a hardware-based security key, ensure that it features at least FIDO U2F certification. A key with FIDO U2F certification will work in nearly any environment, and it is the most commonly applied security standard for passkeys. If you are looking for a security key that also supports biometric login, you’ll need to find one that supports FIDO2/WebAuthn.

 

WHAT IS A VPN AND CAN IT REALLY PROTECT MY ONLINE PRIVACY AND SECURITY?

More from CyberGuy
🔴 Free Live Class
Latest CyberGuy Report podcast episode

Watch the latest episode of The CyberGuy Report.

📱 Free class recording: Lock down your phone

Missed this event? Sign up via the registration form and see our live recording.

🛒 This week’s top Amazon deals

See Kurt’s latest Amazon picks for useful gadgets, smart home upgrades and everyday tech worth grabbing while the deals last.

×

Latest CyberGuy Report podcast episode

Reserve your free spot

 

How safe are security keys?

Let’s say you lose your security key or that it’s stolen. It’s improbable that someone could track you down and steal your security key. Cyberattacks and cybercrime are something that typically happen on a large scale, with tens of thousands, if not millions, of accounts compromised at the same time. While I don’t want to deny that there is targeted and individual cybercrime, most cybercriminals try to cast a far and wide net.

It’s a more common scenario that someone loses a security key. After all, they are typically relatively small and easy to misplace. Losing a security key can be a real problem. Most security key manufacturers suggest you have a second security key on hand to enroll as a backup key. Some services, but not all, will require you also to create an additional 2FA log-in, which will be used in the event you lose your key.

 

Pros and Cons of Hardware Security Keys

Pros

  • Enhanced security: Hardware security keys provide a stronger level of protection compared to traditional password-based authentication methods.
  • Phishing resistance: These keys are nearly impossible for cybercriminals to compromise through phishing attacks.
  • Convenience: Security keys are easy to use, often requiring just a simple tap or insertion into a device.
  • No dependence on connectivity: Unlike some digital authentication methods, physical security keys function independently of internet connections.
  • Multi-protocol support: Many security keys support multiple authentication protocols, making them versatile for various services.

Cons

  • Cost: Unlike most 2FA systems, security keys require an initial investment, ranging from $20 to $95.
  • Potential for loss or damage: Physical keys can be lost, stolen, or damaged, potentially causing user downtime.
  • Limited compatibility: Not all websites and services accept security keys, so users may still need alternative authentication methods.
  • Learning curve: While generally user-friendly, some users may need time to adapt to using a physical key for authentication.
  • Not 100% secure: Although highly secure, hardware keys are not immune to all types of attacks, such as sophisticated physical tampering.

 

Apple device compatibility

To use security keys with your Apple ID, your devices must meet specific software requirements:

  • iPhones and iPads: iOS 16.3 or iPadOS 16.3 or later
  • Macs: macOS Ventura 13.2 or later

If any of your Apple devices don’t meet these requirements, you won’t be able to use security keys with your Apple ID across your devices.

Types of security keys

Apple supports FIDO Certified security keys. These can be:

  • NFC-enabled keys (for iPhones)
  • USB-C keys (for newer iPhones, iPads, and Macs)
  • Lightning connector keys (for older iPhones and iPads)

Setup process

Implementation steps

On iPhone or iPad:

  • Go to Settings > [your name] > Password & Security
  • Tap “Add Security Keys”
  • Follow the on-screen instructions to add your keys

On Mac:

  • Click the Apple menu > System Settings
  • Click your name > Password & Security
  • Click “Add” next to Security Keys
  • Follow the on-screen prompts

PC (Windows) compatibility

Windows 10 or above is required.

PC (Windows)

  • Open the Windows Settings app and go to Accounts > Sign-in options > Security Key.
  • Select “Manage” and insert your security key into the USB port, or tap it on the NFC reader.
  • Follow the on-screen instructions to set up a new security key PIN.
  • You can add multiple security keys and manage them from this settings page.

Android compatibility

Android 9.0 or above is required for full compatibility.

Android

  • Add your Google Account to your Android phone.
  • Ensure you’re enrolled in two-factor authentication (2FA) for your Google Account.
  • On a computer, visit the 2FA settings for your Google Account and click “Add security key.”
  • Choose your Android phone from the list of available devices.
  • Make sure Bluetooth is turned on both on your phone and the device you’re signing in on when using this feature.

 

Popular security keys

A wide range of security keys are available on the market, but one of the most popular brands for security keys is Yubico. They sell a wide range of security keys that feature different certifications and authentication methods. I’ll go over a few of the best and most popular security keys on the market, and I’ll be sure to include which certifications each has.

 

Yubico YubiKey 5C NFC

A marketing photo of the Yubico YubiKey 5C NFC.

Credit: Amazon

The Yubico YubiKey 5C NFC is my favorite security key. It supports multiple authentication protocols, including FIDO2, FIDO U2F, and WebAuthn/CTAP.  It’s right in the middle regarding price, costing $55 at the time of publishing. However, this key provides a bit more than most people will need when looking for a security key. If you can take advantage of the advanced features, such as OpenPGP encryption, then this security key is for you, but if you are looking for a basic security key, I would go with something cheaper instead.

Get Yubico Yubikey 5C NFC 

 

 

FeiTian ePass A4B USB Security Key

A marketing photo showing the FeiTian ePass A4B USB Security Key on a white background.

Credit: Amazon

For those looking for a security key that provides security without breaking the bank, consider the FeiTian ePass A4B USB Security Key. This security key is available on Amazon at the time of publishing for $17.50. This security key features FIDO2 and FIDO U2F, and is a plug-and-play solution. You won’t need to install any special drivers; this device works on any USB-A compatible device, and is compatible with the majority of digital services that accept security keys. However, this security key has no NFC nor biometric log-in features.

Get FeiTian ePass A4B USB Security Key

 

 

FeiTian BioPass K26 USB-C Security Key

A marketing photo showing the Feitian BioPass K26 USB-C security key.

Credit: Amazon

If you want a security key with a biometric function, check out the BioPass K26 USB-C Security Key from FeiTian. This security key features the most recent generation of security protocols, supporting both WebAuthn/CTAP and FIDO 2. A security key such as this one with a biometric feature will keep your data safe even in the event of a stolen security key, and it can give you a great deal of peace of mind.

Get FeiTian BioPass K26 USB-C Security Key

 

 

Kurt’s key takeaways

If you want to boost your online security and privacy, then a physical security key might be the best way to do it. The only real downside to security keys is how easy they are to lose and that we haven’t yet reached mass adoption for security keys online. However, many of the most popular online sites and services offer support for security keys. While it’s not been uncommon for enterprise users to receive security keys or keycards from their employers, it’s not been common until now for there to be consumer-facing security keys. Hopefully, as more security keys are sold, more and more services will adopt security key enrollment.

Have you ever used a security key? Let us know what your experience was like down in the comments below.

TO GET MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER

 

 

Copyright 2025 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.

image_printPrint this article

   
 
 
🎙 Now Streaming: My New Podcast: The CyberGuy Report

   


 

Kurt’s Top Deals

Deals move fast and inventory can be limited, so don’t wait too long.

🔥 Editor’s pick
Summer entertaining
Ninja SLUSHi Machine
(26% off)
Frozen drinks and slushies at home in minutes.
 
Patriotic pick
American Flag
(19% off)
Heavyweight outdoor American flag.
💰 Top deal
Outdoor essential
TYPEC Solar Bug Zapper
(36% off)
Solar-powered bug zappers for patios and camping.
 
Car tech
ROVE R3 Dash Cam
(33% off)
Front, rear and cabin camera coverage.

Leave a Comment

Free newsletter

Get my free CyberGuy Report

Get my latest tech news, security alerts, tips and deals delivered straight to your inbox.

No spam. No sharing your email. Ever.

🎁

Bonus: Get my FREE Ultimate Scam Survival Guide instantly when you sign up.

By signing up, you agree to our Terms of Service and Privacy Policy . You may unsubscribe at any time.

Tips to avoid our newsletters going to your junk folder