Recommendations for purchasing a security key for use with Microsoft multifactor authentication


When purchasing a security key to use with Microsoft multifactor authentication (MFA), the TTU IT Division recommends keys from Yubico, the most reputable and supported brand, with well-made products.


Best options

The following security keys support FIDO2, as well as other protocols used by some non-TTU services. These are the most compatible keys available. They support the most services and devices.

Good options

The following security keys support FIDO2-only protocols and will work with Microsoft MFA at TTU. These may not work with some non-TTU services.

Other recommendations and security key best practices

  • Treat your key as a password.
    • Keep it in a secure place (for example, on a keyring) and do not leave it lying around.
    • Do not allow it to get mixed up with someone else's key. Consider putting a drop of fingernail polish or something on the "handle" of the key to uniquely identify it.
    • Do not share your key with anyone else.
    • Use a hard-to-guess PIN (eight characters recommended).
    • Never write your PIN on the key!
  • Do not leave your key plugged in when not using the device.
  • Use a key with a touch sensor that requires you to be physically present. (Recommended YubiKey options have this!)
  • If you lose a key, promptly remove it from your accounts.