“`html The Best Security Key for Multi-Factor Authentication

The Yubico Security Key C NFC is the best security key for most people because it offers wide compatibility at a low price. It’s the newer version of our previous top pick, and it supports newer authentication protocols. Design-wise, it’s nearly identical to our upgrade pick, but it lacks that key’s advanced features. However, unless you need to use it as a smart card or to generate MFA codes, the Security Key C NFC is capable enough, and it’s also more affordable.

It can be used with almost any site that supports security keys. The refreshed Security Key C NFC supports the older—yet still widely used—FIDO U2F protocol. It also supports the newer FIDO2/WebAuthn protocol, which allows for passwordless authentication and passkey storage. That means you can probably use this security key well into the future.

It has reliable, multi-platform support. A security key that doesn’t work well with all of your devices isn’t worth buying. The Yubico Security Key C NFC got along well with the 15-inch MacBook Air, Pixel 7a, iPhone 14 Plus, and the Lenovo Windows 11 laptop we used for our latest round of testing.

It’s durable enough to live on your keychain. The Security Key C NFC is extremely well made and pleasant to hold. The plastic enclosure is slightly textured, with a recessed, touch-sensitive disk on its surface that you tap during authentication. Although Yubico’s products are light, they feel sturdy, and they didn’t flex or creak when we tried to bend them. Many competing keys felt cheap, plastic-y, and hollow by comparison. The Security Key C NFC emerged from our shake test with minor scuffs, which were difficult to see even in good lighting. We’ve been using Yubico devices for years, and we can say with certainty that they can survive on keychains without issue.

Yubico offers easy onboarding and excellent customer support. Yubico packaging—which must be torn open and shows attempts from anyone trying to tamper with the key inside—includes a URL that leads to the company’s onboarding materials. A visual menu helps people quickly identify their keys and find relevant setup materials as well as instructional  (albeit somewhat dated) videos. Yubico also lists which services are compatible with its keys, and this is very handy. We found that Yubico offers responsive customer support through its website. When we sent in a question, customer service responded in minutes with a thorough and thoughtful response.

It doesn’t have many advanced features. The Security Key C NFC does not support the Yubico OTP MFA protocol, though this isn’t much of a loss because it’s not widely used. This key also doesn’t support TOTP storage, Smart Card/PIV, OpenPGP key storage, or any of the other neat tricks found in the Yubico YubiKey 5 series. But most people won’t be able to take advantage of them anyway.

Yubico does not use open-source firmware or hardware. Open-source software can be examined for potential security flaws, and open-source hardware should likewise be free of nasty surprise vulnerabilities. Yubico does, however, have an active vulnerability disclosure program.

You can’t upgrade the firmware. Upgradable firmware is nice because it allows manufacturers to protect customers against recently discovered vulnerabilities and even add new features. A system for updating firmware, however, could potentially be exploited by attackers, although it would have to be a complex attack. In the past, Yubico has issued a recall when a problem was discovered with its product.

It has only one design. Although you can choose between USB-A and USB-C models, the Yubico Security Key line doesn’t have the variety of designs and connectors found in the Yubico YubiKey 5 series or in Feitian’s stable of products. If you have very specific needs about the size and function of your key, you’ll need to look at those options.

It’s a good deal for one key but pricey for two. The most secure way to ensure you’re never locked out of your accounts is to buy a backup key and enroll it everywhere you use your primary key. While the Yubico Security Key C NFC is comparably cheap, it’s less of a compelling deal when you’re buying a backup, too. One alternative is to use backup codes or another form of MFA as a backup. The experts we spoke with cautioned that attackers may attempt to fool you into using a backup MFA option that’s phishable, so be careful if you go that route.