Security Keys (YubiKey & Passkeys)

A security key is a small physical device that can protect important accounts with very strong two-factor authentication.

Beginner note:
Security keys are excellent, but they are more advanced than using an authenticator app. You usually have to buy one, register it with your accounts, and keep a backup plan. Do not start here if passwords and basic 2FA are still new to you.

What is a security key?

A security key is a physical device, such as a YubiKey, that proves it is really you when you sign in. After entering your password, the website asks for your key. You plug it in, tap it, or use NFC with your phone.

This makes phishing much harder because a fake website cannot easily trick the key in the same way it can trick a person into typing a code.
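As an added illustration (not part of the original guide), this Python sketch shows the checks a website runs on a security key's response, and why a response produced on a lookalike site fails them. The site example.com, the lookalike example-login.test, and the function names are assumptions; the samples are constructed, and the signature check that covers both pieces of data is left out.

```python
import base64
import hashlib
import json

# Assumed for this sketch: the real site is example.com.
EXPECTED_ORIGIN = "https://example.com"
EXPECTED_RP_ID = "example.com"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_assertion(client_data_json: bytes, authenticator_data: bytes,
                    expected_challenge: bytes) -> list:
    """Return reasons to reject the sign-in; an empty list means these checks pass."""
    problems = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        problems.append("wrong type")
    # The browser, not the page, records which origin the user is really on.
    if client_data.get("origin") != EXPECTED_ORIGIN:
        problems.append("origin mismatch")
    # A fresh random challenge per sign-in stops replay of an old response.
    if client_data.get("challenge") != b64url(expected_challenge):
        problems.append("challenge mismatch")
    # Layout: 32-byte SHA-256 of the RP ID, 1 flags byte, 4-byte counter.
    if len(authenticator_data) < 37:
        return problems + ["authenticator data too short"]
    if authenticator_data[:32] != hashlib.sha256(EXPECTED_RP_ID.encode()).digest():
        problems.append("RP ID hash mismatch")
    if not authenticator_data[32] & 0x01:  # bit 0 = user present (key was tapped)
        problems.append("user not present")
    return problems


def sample(origin: str, rp_id: str, challenge: bytes, touched: bool = True):
    """Constructed stand-in for what a browser and key produce (not captured data)."""
    client_data = json.dumps({"type": "webauthn.get", "origin": origin,
                              "challenge": b64url(challenge)}).encode()
    flags = bytes([0x01 if touched else 0x00])
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + (5).to_bytes(4, "big")
    return client_data, auth_data


if __name__ == "__main__":
    challenge = b"constructed-challenge-0001"
    print(check_assertion(*sample(EXPECTED_ORIGIN, EXPECTED_RP_ID, challenge), challenge))
    # Same user and key, but the page was a lookalike domain:
    print(check_assertion(*sample("https://example-login.test", "example-login.test",
                                  challenge), challenge))
```

A typed code has no such link to the website address, which is why a person can be talked into entering it on the wrong page.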

When does a security key make sense?

  • You want stronger protection for your email account.
  • You manage important work, admin, or financial accounts.
  • You already understand passwords and basic two-factor authentication.
  • You are comfortable keeping a backup key or recovery method safe.

When should you wait?

  • If you are still learning how password managers work.
  • If you only have one key and no recovery plan.
  • If buying hardware is a barrier right now.
  • If the account you want to protect does not support security keys.

What you need

  • A security key, such as a YubiKey or another FIDO2/WebAuthn-compatible key.
  • A device with USB, USB-C, Lightning, or NFC support, depending on the key.
  • An account that supports security keys, such as Google, Microsoft, GitHub, Facebook, or many password managers.

Important: have a backup plan

Do not add one security key to an important account and call it finished.

If possible, register two keys: one you carry or keep nearby, and one backup key stored safely at home. Also save recovery codes if the service gives them to you.

Simple setup idea

  1. Start with your main email account.
  2. Enable two-factor authentication if it is not already enabled.
  3. Add your security key in the account security settings.
  4. Add a second backup key or save recovery codes.
  5. Test login before relying on it fully.

Final advice

Security keys are one of the strongest ways to protect important accounts, but they are not the first step for everyone.

For most beginners, start with a password manager and an authenticator app first. Once that feels normal, security keys are a great next upgrade.

Related: if you are still choosing a password manager, start with the beginner comparison first.

Password Manager Comparison