When purchasing a security key to use with Microsoft multifactor authentication (MFA), the TTU IT Division recommends keys from Yubico, the most reputable and supported brand, with well-made products.

Best options

The following security keys support FIDO2, as well as other protocols used by some non-TTU services. These are the most compatible keys available. They support the most services and devices.

• YubiKey 5C NFC, compatible with USB-C and NFC
• YubiKey 5 NFC, compatible with USB-A port and NFC

Good options

The following security keys support FIDO2-only protocols and will work with Microsoft MFA at TTU. These may not work with some non-TTU services.

• YubiKey Security Key C NFC, compatible with USB-C and NFC
• YubiKey Security Key NFC, compatible with USB-A port and NFC

Other recommendations and security key best practices

• Treat your key as a password.
  • Keep it in a secure place (for example, on a keyring) and do not leave it lying around.
  • Do not allow it to get mixed up with someone else's key. Consider putting a drop of fingernail polish or something on the "handle" of the key to uniquely identify it.
  • Do not share your key with anyone else.
  • Use a hard-to-guess PIN (eight characters recommended).
  • Never write your PIN on the key!
• Do not leave your key plugged in when not using the device.
• Use a key with a touch sensor that requires you to be physically present. (Recommended YubiKey options have this!)
• If you lose a key, promptly remove it from your accounts.