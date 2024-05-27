YubiKeys dominate the market for hardware tokens, but they're not the only nor always the best option. Yubico's products can often include features you're never likely to use — but you are still paying for. They can be expensive, particularly if you need multiple keys, and sometimes miss out on quirkier or more creative features available on other keys.

You might also find that some alternative form factors or connectors suit your specific use case more, or that a combination of features not available on any specific YubiKey is just too good to miss. Or maybe you're really keen on a key with fully open-source hardware. Whatever the reason, if you're looking for hardware key alternatives to a YubiKey then we've got some great options.

What to look for in a Security Key

Before diving into alternative keys, we'll briefly consider some of the things to look for in a security key. The first of these is FIDO2 support. FIDO2 is the standardized and improved version of the original FIDO/U2F standard, which is what many websites are still implementing. FIDO2 is the future and is already in place across many sites, so it seems a no-brainer to buy a key with support for it in 2024. That said, backward compatibility with FIDO-U2F is also essential, as FIDO2 isn't yet supported everywhere. We're simplifying these standards a little here, and there are multiple elements to each, but the takeaway is that FIDO2 and U2F are the things you need to look out for.

Additionally, we'll be looking for strong security credentials. This includes FIDO certifications (level 1 is good, level 2 is good enough for government/highly secure applications), as well as considerations about where the keys are manufactured, the security record of the companies behind them, and whether the keys receive updates.

Other nice things to have would be inbuilt password managers or encrypted file storage, and OpenPGP support for encrypting files or emails, but it's important to consider what you'll use. Ultimately, the more feature-rich a key is, the larger its attack surface; so if you're seriously security conscious, then consider this when looking at keys.

Firmware updates for keys are a mixed blessing. Yubico doesn't offer firmware updates, which greatly reduces the attack surface to inject a malicious payload onto a stolen key. The downside of this is that with Yubico keys, what you buy is what you get, and won't get any additional features or support in the future. If you want a new standard to be supported by your YubiKey, you'll need to buy a new one.

This one is a personal preference related to your threat profile but is something to consider when looking at keys.

Device support and hardware

We'll also be looking at device support and hardware in our alternatives. This might include mobile device support via features such as Bluetooth or NFC. Many of these keys are available with a variety of connectors depending on the model, though you'll often pay more for multiple connectors or lightning support.

With these things in mind, let's have a look at some YubiKey alternatives.

1 Thetis FIDO2 Security key

Best value YubiKey Alternative

Thetis FIDO2 Security Key $20 $25 Save $5 The Thetis FIDO2 is an improved version of the original Thetis U2F security key, featuring a swivelling design, USB-A, U2F and FIDO2 support and an affordable price tag. Pros U2F and FIDO2 support

Swivelling design

Good price Cons No TOTP support

No Bluetooth or NFC support $20 at Thetis

The Thetis FIDO2 (an improved version of the original Thetis U2F) security key is one of the best low-price YubiKey alternatives. It's got a familiar swiveling design from USB sticks of the past, and a rock bottom price of $22 - under half that of the YubiKey 5's $50. You lose plenty of features here from a YubiKey, and a serious downside is the lack of Bluetooth and NFC support. This completely limits mobile device connectivity, especially for the USB-A key.

The key supports FIDO2 as well as being backward compatible with the original FIDO U2F standard. There's no TOTP support here though, so you'll still be stuck with an authenticator app for sites that don't support U2F. HOTP is supported, but the use of this now-dated standard is waning (if you're using it anywhere at all.)

Things are a little rougher around the edges than the YubiKey. There's a healthy suite of instructions for getting set up with the Thetis, but some of them can be convoluted. You should also be aware that Thetis manufactures their keys in China, which may prove a dealbreaker for some. This is in contrast to the other options on the list, which are manufactured in Europe or the United States.

2 Kensington Verimark Fingerprint Key

A great option for alternative biometrics

Kensington Verimark Fingerprint Key Affordable at $44.99 (or $18.49 on sale), this compact fingerprint sensor enhances security with biometric and U2F support for Windows Hello and online apps. Lacks TOTP and macOS/ChromeOS support, but a solid choice for Windows users seeking basic, effective security. Pros U2F and FIDO2 support

Great price on sale

Windows Hello support

Fingerprint integration Cons Windows focused

Only available as USB-A

No Bluetooth or NFC

No TOTP options $18 at Amazon

The Kensington Verimark Fingerprint key is an ideal option for slipping into your work or personal laptop for some added security. It's more reasonably priced than some of YubiKey's 'nano' alternatives at $44.99 (though they're available on sale for$18.49 at the time of writing.)

It's got the advantage of having a tiny fingerprint sensor built into it, which adds a biometric factor that can be used for Windows Hello straight out of the box, as well as U2F support. This means that it will work with all your favorite online apps and websites, and act as a biometric fingerprint sensor to log in to your machine, improving your overall security.

Again though, there's no TOTP support here, so you'll be tethered to your authenticator apps for unsupported websites. FIDO2 and UTF are both supported though.

This is very clearly targeted at Windows users, however, as there's no support for macOS or ChromeOS. This key is simpler - there's no waterproofing standards, no fancy software for your PC - it does what it says on the tin, and does it well. On sale, these could be a bargain if you're a Windows user looking for a basic but highly functional security key for your Windows laptop.

3 Solo V2 USB Security Key

Best value open-source key

Solokey Solo2 Crowd-funded and open-source, the Solo 2 offers FIDO2 and U2F support at an affordable $35, with USB-A and USB-C options. Ideal for privacy-focused users supporting grassroots projects, though it lacks OTP support. Pros Open source

FIDO2 and U2F support

Multiple options for connectors

Extremely affordable Cons No TOTP support

Lacklustre physical design $33 at SoloKeys

The Solo 2 is the first of our open-source keys on this list, but it's unique in that it's a fully crowd-funded security key. Made in Europe and first funded in 2021, the project has successfully brought a relatively low cost (at $35 for the USB-A, non-NFC version) security key to the market in both the US and EU. You can inspect the firmware (now written in Rust) on GitHub.

The hardware here is reasonable, if not top-tier. The Solo V2 iterates on the original Solo V1, hardening the hardware and improving NFC performance, but without adding any significant new features. The keys and their swappable plastic enclosures are available in USB A and USB-C configurations, with optional NFC. The most expensive keys are USB-C and NFC enabled, while the cheapest are USB-A without NFC, ranging from $35 to $46.

There's not much in the way of extra-functionality here, but the Solo V2 supports FIDO2 and U2F, making it functional as a pure security key for your online life. Again, there's no OTP support, but the keys are FIDO L1 certified, and firmware upgrades are supported.

We'd consider this a great value option for open-source keys, or if you're looking to support projects from grassroots development efforts. The Solo V2 is a perfectly functional, though unexceptional, USB Security Key that ticks all the right boxes for privacy and security.

4 NitroKey 3

Best the best open-source key

Nitrokey 3 A feature-rich, open-source security key for ~$65, offering TOTP, PGP, NFC, and U2F/FIDO support. Based in Berlin, NitroKey provides excellent documentation and global shipping, though it has faced some reputational issues. Pros Open Source

U2F and FIDO2 support

OTP support

Onboard PGP support

NFC support Cons Company has faced reputational issues $55 at Nitrokey (USB Type-A) $59 at Nitrokey (USB Type-C)

NitroKey, like Yubico, makes a range of keys with all sorts of options on offer. While there's a lot of choice, we'd suggest only looking at the NitroKey3, as it's the only one with full U2F/FIDO support. This is a great feature-rich key with a whole host of great features, including TOTP support, PGP, and a touch button similar to YubiKeys.

The lineup of the NitroKey 3 is large, with Mini, USB-C, and NFC-enabled options. We'd suggest the NitroKey 3C NFC, which comes in at ~$65, but there's a reasonable range of form factors to choose from. The feature set here is killer, with NFC, TOTP, and U2F/FIDO in addition to PIV smart key support. NitroKeys documentation is also top-notch, with a great range of tutorials on getting set up and started with the keys. This is a great option for a feature-rich but still open-source key.

NitroKey themselves are based in Berlin and open-source both their hardware and software on GitHub. They ship worldwide (and even accept Bitcoin), and while this is a little more expensive than some of the open-source options on our list, it is feature-packed.

You should be aware that NitroKey itself has garnered some negative attention online after alleging that smartphones with Qualcomm chips are secretly phoning home to share their users' data. This received significant criticism as both technically inaccurate and sensationalized and criticism as a part of an advertising campaign for the companies NitroPhone, damaging their reputation in the eyes of some.

The NitroKey 3 is a great option for an open-source key with plenty of features

5 CryptoTrust OnlyKey

Great if you're worried about keeping your key secure

CryptoTrust OnlyKey OnlyKey adds a PIN for extra security, self-destructs after ten failed attempts, and auto-locks after 30 minutes. Waterproof and drop-proof, it supports TOTP, FIDO2, U2F, and includes a built-in password manager, though lacks NFC and Bluetooth. Pros Pin for added security

Self-destruct feature

U2F and FIDO2 support

Onboard TOTP

Certified for waterproof and dropproof standards Cons No NFC or Bluetooth

Self-destruct feature $56 at Amazon

The OnlyKey is another great option, with a twist. The OnlyKey requires a PIN to be entered to unlock it, adding an extra layer of security. While this is configurable on the YubiKey 5, there's no hardware element to unlock the key. It also includes a self-destruct after ten failed attempts, which may be a feature or a downside (depending on how often you plan on using your key, or how good your medium-term memory is). The key automatically locks itself after 30 minutes.

The OnlyKey has some other party pieces. It's waterproof and drop-proof (standardized to IP68 and MIL-STD-810G), supports TOTP, FIDO2, and U2F, and even features an inbuilt password manager. It comes at a similar price point to a YubiKey, and OnlyKey also offers a smaller (though not exactly Nano) dual USB-C and USB-A key for those who change between devices a lot, though this doesn't feature the same pin-entry system.

The big downside here is that there's no NFC or Bluetooth, so support for your Android or iOS device will be limited. The built-in password manager is a significant value add here though, and is capable of storing an unlimited number of passwords when combined with software running on your PC.

There are some great YubiKey alternatives out there.

YubiKey has a huge advantage in this market and has been dominating for years. But this monopoly isn't healthy, and there have been some great upstarts with a range of new features, often at a cheaper price point. There's money to be saved by skipping out on the features you don't need, and there are some excellent though basic security keys with modern FIDO2 support available for well over half the price of a YubiKey.