Private alternatives to SMS codes, Authenticator apps, vetted against our public criteria.
Full-featured hardware security key from Yubico supporting FIDO2/WebAuthn, TOTP/HOTP, smart card (PIV), and OpenPGP across multiple form factors including USB-A, USB-C, and NFC variants.
Yubico's entry-level hardware security key offering FIDO2/WebAuthn support at a lower price point, available in USB-A and USB-C variants, with NFC on select models.
Open-source hardware security key line from Berlin-based Nitrokey, with models ranging from the FIDO2-only Nitrokey Passkey to the Nitrokey 3, which adds PIV smart card, OpenPGP, and TOTP support.
A hardware security key is a small device that plugs into USB or taps over NFC to prove it is really you logging in. It is the strongest second factor available, because the secret never leaves the key and it cannot be phished the way a code can.
Look for FIDO2 and WebAuthn support, the modern phishing-resistant standard, plus the connectors your devices actually use: USB-C, USB-A, NFC, or Lightning. Buy two so you have a backup, and consider whether you also want TOTP, smart-card, or OpenPGP features beyond basic login.
Codes from an app or text message can be phished: a fake login page simply asks you to type them in. A security key checks the real web address before it responds, so it will not authenticate to an impostor site. That single property stops the most common account takeovers.
Register the key on your important accounts, email first, then add a second key as backup and store it somewhere safe. Keep one on your keyring and the other at home, and your logins become both easier and far harder to steal.