Advice Request Hardware Security Keys Showdown

[HarborFront]

I shortlisted some security keys. I own the below Yubikey 5C NFC but it works with Windows Local Account sign in only.


1) Yubikey 5C NFC – Great for websites and apps sign in. Also, for android phone use.

a) Works with Windows Hello Local Accounts only
b) Has NFC. No BT
c) Has a keychain hole for safekeeping
d) Works with Android phone for 2FA on websites and apps. Needs Yubico Authenticator
e) List of supported apps and websites e.g. Bitwarden Premium, BitLocker, KeePassXC, Tutanota, Outlook, Office 365, Amazon, eBay etc.
Works with YubiKey catalog
f) Support most websites and apps

2) Feitian BioPass FIDO2 K49 USB-C Security Key

a) Can work with Windows Local Account only, if you use a tool
b) Has Biometric/FIDO2/FIDO U2F
c) No BT/NFC
d) The downsides are the lack of TOTP OATH HOTP support and lack of out-of-the-box PIV support. Therefore, cannot work with android phone
e) Has a keychain hole for safekeeping
f) List of supported apps and websites e.g. Bitwarden Premium, Amazon, Office 365, Outlook, eBay etc
catalog – FIDO Security Keys
g) Support many websites and apps but not as many as Yubikey

3) Token2 T2F2-NFC-Slim FIDO2, U2F and TOTP/HOTP Security Key – Good for websites and apps sign in. Also, for android phone

a) No BT
b) Works with Android phone for 2FA on websites and apps. Needs T2F2 Companion android app
c) Has keychain hole for safekeeping
d) List of supported apps and websites
Token2 | Hardware MFA tokens for Azure MFA | Integration guides | TOKEN2 MFA Products and Services | programmable hardware token, FIDO2 key, U2F key, TOTP, Hardware MFA tokens for Azure MFA |
e) Not many websites and apps supported

4) TrustKey Security Key G320H USB-C Security Key

a) Has Biometric/FIDO2/FIDO U2F/TOTP/HOTP
b) No BT/NFC
c) Cannot work with android phone. No android app
d) Has keychain hole for safekeeping
e) Not many websites and apps supported
f) Not reliable based on amazon reviews

5) Kensington VeriMark IT Fingerprint Key USB-A K64704WW

a) Works with Office 365, Outlook etc
b) No BT/NFC/USB-C so cannot use with android phone
c) No keychain hole for safekeeping
d) Not many websites and apps supported

Info of the above gathered from manufacturers' websites and other reviews. Correct me if I'm wrong.

Anyone own security key(s) can contribute some info?

Thanks

 

[piquiteco]

@HarborFront Go from 1Yubikey 5C with NFC, and it can be a USB Type A or USB Type C Key depending on your needs. Using Yubikey with Windows Hello on Windows 10 and 11 I don't see any advantage in using it, because in itself Windows Hello offers good protection, even more so if you have TPM 2.0 which is FIDO2 compatible. I recommend that you create a strong password on your Windows 10 or 11 account and then enable PIN and set a 6 or more digit PIN that you will be secure. Pin is better than using a password. For more information you can read here.

 

[HarborFront]

@HarborFront Go from 1Yubikey 5C with NFC, and it can be a USB Type A or USB Type C Key depending on your needs. Using Yubikey with Windows Hello on Windows 10 and 11 I don't see any advantage in using it, because in itself Windows Hello offers good protection, even more so if you have TPM 2.0 which is FIDO2 compatible. I recommend that you create a strong password on your Windows 10 or 11 account and then enable PIN and set a 6 or more digit PIN that you will be secure. Pin is better than using a password. For more information you can read here.

Already done that. I have the Yubikey 5C NFC

Later will enable BitLocker with PIN as well. Yubikey can use for BitLocker

 

[HarborFront]

I have Feitian ePass FIDO NFC/PLUS (K9/K9+), YubiKey5/5c. As far as I know, in most cases, Windows natively does not support using fido key as a password replacement to use Windows Hello. Unless you use It is the Windows Enterprise Edition and you can use the fido key to log in to the Windows system only when you cooperate with AzureAD to bring your device into the organization management. I don’t know how you can use the fido key to log in to the Windows system. For the Android system, All you need is a security key that supports NFC or Bluetooth.

I use Google Translate, some vocabulary and grammar may be incorrect, sorry.

Yup, just rechecked and you are right

Actually, Feitian has a tool for Personal Account Windows Logon but it is for local accounts only.

FEITIAN Windows Logon – FIDO Security Keys

fido.ftsafe.com

So, I've edited my above post.

Lucky for your input. Otherwise, I would have bought the wrong security key. Thanks a lot

 

[piquiteco]

Already done that. I have the Yubikey 5C NFC

Later will enable BitLocker with PIN as well. Yubikey can use for BitLocker

Yes, I know, but Yubikey will not add anything to your security in logging in with a key in Windows. Because Windows doesn't offer a native way to login with security key, you will have to use third-party program, so that I remember only microsoft's azure client allows you to login with security keys.