FIDO2 Security Key Reviews

FIDO2 security keys are increasingly becoming the “modern smartcard” for organizations that are looking to go passwordless, including those within the Microsoft ecosystem of cloud and hybrid identity. As with Windows Hello for Business (WHfB), they provide the power of asymmetric key-pair-based authentication. But unlike WHfB, where the key pair is bound to the TPM, FIDO2 security keys allow for secure portability of those credentials. The private key still never leaves the FIDO2 security key, but you have the convenience of using the same set of credentials on whatever device you connect it to. At a high level, you can think of them as a "TPM on a stick".

The intention of this site is to keep continual track of the FIDO2 options out there, since all the design choices, features, and options can be dizzying at times. Along with this, a quick review will help you understand which keys may stand out and which keys have problems. The focus is on compatibility with Azure Active Directory, even though these keys should work similarly with any identity provider that supports FIDO2 (or FIDO U2F, for those that provide it).

Before we jump into things, just a few notes:

  • Some of these keys I’ve purchased myself, and some of them have been provided to me by the vendor. Regardless, that does not influence the review of the key.
  • If you are a vendor and see a model missing that you would like included in the review, please reach out to me on LinkedIn or Twitter.
  • I’m an identity nerd, not a salesperson. The only thing I want to sell you is going passwordless. I don’t provide an objective score, which is on purpose. I want to provide insight into the devices and let you decide for yourself.
  • Any links to Amazon are affiliate links – it helps pay the bills for the site.