Security Keys

What is a security key?

A security key, also known as a security token, is a physical secondary device that relies on your primary device — such as a desktop workstation or laptop — to provide strong, phishing-resistant two-factor or passwordless authentication.

Why use a security key?

• Provides a fast, secure alternative to Duo Mobile app or phone calls.
• No batteries or mobile app required — works offline.
• Resistant to phishing and SIM-swap attacks.
• Compact and durable for everyday use.

Where can I get a security key?

Security keys can be purchased directly from manufacturers that specialize in security keys or from large online retailers:

• YubiKey
• Google
• Feitian
• Solo Keys

Before purchasing a security key, confirm the key is compatible with your device type. Keys can come in different connector types, such as USB-A or USB-C. Typical prices range from $50 to $70 USD, depending on the model.

How do I register my security key?

To register a security key, go to the Multi-Factor Authentication Management Portal, log in, and add it as a new device. For technical assistance with security keys, please contact the UFIT Help Desk at (352) 392-HELP (4357).

When is a FIPS model required?

The FIPS-certified security key is designed for organizations that must meet U.S. Federal Information Processing Standards (FIPS 140-2) for cryptographic security. Most UF users do not need a FIPS model; however, it may be required for departments or research projects that handle federally regulated or sensitive data such as HIPAA, FERPA or government-sponsored research subject to federal cybersecurity standards. 

If your unit is subject to federal compliance requirements or contracts that specify FIPS-validated hardware, you should select a FIPS-certified security key. For questions about whether your project requires FIPS-validated devices, contact UFIT's Information Security Office.