Security keys: what are they and should you use one?

We love hearing from you, especially when it comes to important topics like online security. Denise from Bluefield, Virginia, recently reached out with a great question about physical security keys and how effective they are. Here’s what she wrote:
I have a question about the use and effectiveness of security keys. I have looked on your website and did not see a topic on these devices. Could you please do a review of this type of security protection?
Security keys come in several shapes and sizes. They are typically small, hardware-based keys, that can be used to verify your identity and provide access to digital services and accounts. You may have heard of these in the past in relation to cryptocurrency wallets, but they don’t just exist for cryptocurrency. Many services and apps rely on security keys, and physical security keys are becoming increasingly popular in cybersecurity. Let’s get into what security keys are, how they work, and why it might be worth it for you to have one.

Credit: Yubico
What are security keys?
Security keys can take several forms, but you’ll most commonly see them as small, plastic, physical keys with a USB connector for plugging into a computer. Possessing the physical key allows the website or service you are using to identify you and log you into your account. Employers often issue security keys to people working in environments where they routinely interact with confidential information.
For example, a legal team may issue security keys or key cards for its attorneys’ laptops, and individuals working in cybersecurity may use a security key or card to sign into their workstations in the office. To use a security key, the key must first be enrolled with every site or service you want to protect with the key.
A NEW SECURITY SEAL OF APPROVAL IS COMING TO YOUR SMART HOME GADGETS
How security keys are used
While support for physical security keys is becoming more popular, it’s not as widespread as you might think or hope. There’s little standardization with security keys and digital services, so each key may function differently and have a different enrollment process. However, the standard process typically looks like this – somewhere in your account settings for a digital service, you’ll see an option for adding a security key.
Click it and follow the on-screen prompts, which typically require you to tap or insert the security key and create a name for it. You will usually be limited to just one key, but some services and sites allow you to use multiple keys. You’ll also most likely need to create a secondary two-factor authentication (2FA) as a one-time code to backup your physical security key, and provide access to your account even if you lose the key.
Some security keys will also feature biometric features, such as fingerprint readers, to offer additional protection. Many keys now also include wireless capabilities, typically through near-field communication, which allows them to interact with mobile devices such as phones and tablets.
TOP ROUTERS FOR BEST SECURITY IN 2025
How security keys function
Nearly all security keys on the market utilize the standards set by the FIDO Alliance. Security keys use a system commonly called asymmetric cryptography to encrypt and decode your identity from the security key. While it may sound highly technical, it’s a simple process, and not too dissimilar to how encrypted messaging apps such as WhatsApp and Signal work.
When shopping for a hardware-based security key, ensure that it features at least FIDO U2F certification. A key with FIDO U2F certification will work in nearly any environment, and it is the most commonly applied security standard for passkeys. If you are looking for a security key that also supports biometric login, you’ll need to find one that supports FIDO2/WebAuthn.
WHAT IS A VPN AND CAN IT REALLY PROTECT MY ONLINE PRIVACY AND SECURITY?
How safe are security keys?
Let’s say you lose your security key or that it’s stolen. It’s improbable that someone could track you down and steal your security key. Cyberattacks and cybercrime are something that typically happen on a large scale, with tens of thousands, if not millions, of accounts compromised at the same time. While I don’t want to deny that there is targeted and individual cybercrime, most cybercriminals try to cast a far and wide net.
It’s a more common scenario that someone loses a security key. After all, they are typically relatively small and easy to misplace. Losing a security key can be a real problem. Most security key manufacturers suggest you have a second security key on hand to enroll as a backup key. Some services, but not all, will require you also to create an additional 2FA log-in, which will be used in the event you lose your key.
Pros and Cons of Hardware Security Keys
Pros
- Enhanced security: Hardware security keys provide a stronger level of protection compared to traditional password-based authentication methods.
- Phishing resistance: These keys are nearly impossible for cybercriminals to compromise through phishing attacks.
- Convenience: Security keys are easy to use, often requiring just a simple tap or insertion into a device.
- No dependence on connectivity: Unlike some digital authentication methods, physical security keys function independently of internet connections.
- Multi-protocol support: Many security keys support multiple authentication protocols, making them versatile for various services.
Cons
- Cost: Unlike most 2FA systems, security keys require an initial investment, ranging from $20 to $95.
- Potential for loss or damage: Physical keys can be lost, stolen, or damaged, potentially causing user downtime.
- Limited compatibility: Not all websites and services accept security keys, so users may still need alternative authentication methods.
- Learning curve: While generally user-friendly, some users may need time to adapt to using a physical key for authentication.
- Not 100% secure: Although highly secure, hardware keys are not immune to all types of attacks, such as sophisticated physical tampering.
Apple device compatibility
To use security keys with your Apple ID, your devices must meet specific software requirements:
- iPhones and iPads: iOS 16.3 or iPadOS 16.3 or later
- Macs: macOS Ventura 13.2 or later
If any of your Apple devices don’t meet these requirements, you won’t be able to use security keys with your Apple ID across your devices.
Types of security keys
Apple supports FIDO Certified security keys. These can be:
- NFC-enabled keys (for iPhones)
- USB-C keys (for newer iPhones, iPads, and Macs)
- Lightning connector keys (for older iPhones and iPads)
Setup process
- Ensure you have at least two compatible security keys.
- Update all your Apple devices to the required software versions.
- Enable two-factor authentication for your Apple ID if not already active.
Implementation steps
On iPhone or iPad:
- Go to Settings > [your name] > Password & Security
- Tap “Add Security Keys”
- Follow the on-screen instructions to add your keys
On Mac:
- Click the Apple menu > System Settings
- Click your name > Password & Security
- Click “Add” next to Security Keys
- Follow the on-screen prompts
PC (Windows) compatibility
Windows 10 or above is required.
PC (Windows)
- Open the Windows Settings app and go to Accounts > Sign-in options > Security Key.
- Select “Manage” and insert your security key into the USB port, or tap it on the NFC reader.
- Follow the on-screen instructions to set up a new security key PIN.
- You can add multiple security keys and manage them from this settings page.
Android compatibility
Android 9.0 or above is required for full compatibility.
Android
- Add your Google Account to your Android phone.
- Ensure you’re enrolled in two-factor authentication (2FA) for your Google Account.
- On a computer, visit the 2FA settings for your Google Account and click “Add security key.”
- Choose your Android phone from the list of available devices.
- Make sure Bluetooth is turned on both on your phone and the device you’re signing in on when using this feature.
Popular security keys
A wide range of security keys are available on the market, but one of the most popular brands for security keys is Yubico. They sell a wide range of security keys that feature different certifications and authentication methods. I’ll go over a few of the best and most popular security keys on the market, and I’ll be sure to include which certifications each has.
Yubico YubiKey 5C NFC
The Yubico YubiKey 5C NFC is my favorite security key. It supports multiple authentication protocols, including FIDO2, FIDO U2F, and WebAuthn/CTAP. It’s right in the middle regarding price, costing $55 at the time of publishing. However, this key provides a bit more than most people will need when looking for a security key. If you can take advantage of the advanced features, such as OpenPGP encryption, then this security key is for you, but if you are looking for a basic security key, I would go with something cheaper instead.
FeiTian ePass A4B USB Security Key
For those looking for a security key that provides security without breaking the bank, consider the FeiTian ePass A4B USB Security Key. This security key is available on Amazon at the time of publishing for $17.50. This security key features FIDO2 and FIDO U2F, and is a plug-and-play solution. You won’t need to install any special drivers; this device works on any USB-A compatible device, and is compatible with the majority of digital services that accept security keys. However, this security key has no NFC nor biometric log-in features.
Get FeiTian ePass A4B USB Security Key
FeiTian BioPass K26 USB-C Security Key
If you want a security key with a biometric function, check out the BioPass K26 USB-C Security Key from FeiTian. This security key features the most recent generation of security protocols, supporting both WebAuthn/CTAP and FIDO 2. A security key such as this one with a biometric feature will keep your data safe even in the event of a stolen security key, and it can give you a great deal of peace of mind.
Get FeiTian BioPass K26 USB-C Security Key
Kurt’s key takeaways
If you want to boost your online security and privacy, then a physical security key might be the best way to do it. The only real downside to security keys is how easy they are to lose and that we haven’t yet reached mass adoption for security keys online. However, many of the most popular online sites and services offer support for security keys. While it’s not been uncommon for enterprise users to receive security keys or keycards from their employers, it’s not been common until now for there to be consumer-facing security keys. Hopefully, as more security keys are sold, more and more services will adopt security key enrollment.
Have you ever used a security key? Let us know what your experience was like down in the comments below.
TO GET MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.




