Hardware Security Key
A physical USB or NFC device that provides the strongest form of two-factor authentication, cryptographically bound to each website so it cannot be phished.
Also known as: FIDO key, USB security key, YubiKey, physical security token
Last reviewed: 10 June 2026
A hardware security key is a small physical token that plugs into a USB port or taps via NFC to authenticate a login. It implements the FIDO2/WebAuthn standard, generating a unique cryptographic response for each website based on the site's origin. Because the response is origin-bound, inserting the key on a fake lookalike site produces no valid response — the phishing attack fails automatically.
Hardware keys are used by security professionals, journalists, activists, and anyone at elevated risk of targeted attack. They require no battery, generate no codes to be intercepted, and are resistant to malware running on the computer (some models require a physical tap to confirm). Loss of the key requires a backup key or recovery codes, so users should register two keys wherever possible.
For high-value targets — executives, accountants with wire-transfer authority, cryptocurrency holders — a hardware security key is the most practical way to achieve near-complete account-takeover resistance. Prices typically range from $25 to $70.