Skip to main content
University of Florida
NaviGator AI home page NaviGator AI

Security Keys

What is a security key?

A security key, also known as a security token, is a physical secondary device that relies on your primary device — such as a desktop workstation or laptop — to provide strong, phishing-resistant two-factor or passwordless authentication.

Why use a security key?

  • Provides a fast, secure alternative to Duo Mobile app or phone calls.
  • No batteries or mobile app required — works offline.
  • Resistant to phishing and SIM-swap attacks.
  • Compact and durable for everyday use.

Where can I get a security key?

Security keys can be purchased directly from manufacturers that specialize in security keys or from large online retailers. Before purchasing a security key, confirm the key is compatible with your device type and it is recommended that keys support WebAuthN/FIDO2 (all keys linked support that standard). Keys can come in different connector types, such as USB-A or USB-C. Typical prices range from $25 to $70 USD, depending on the model.

Key family FIDO2 / WebAuthn OpenPGP PIV (Smart Card) NFC
YubiKey 5 Series Yes Yes Yes Yes (select models)
Google Titan Yes No No Yes
Security Key by Yubico Yes No No Yes (select models)
  • FIDO2 / WebAuthn: Modern, phishing-resistant standard used for passkeys and passwordless logins.
  • OpenPGP: Supports secure encryption and digital signing for email or files.
  • PIV (Smart Card): Enables a key to function like a smart ID badge for system or enterprise login.
  • NFC: Allows the key to authenticate wirelessly with supported phones and devices.

For most users, a FIDO2-compatible key such as the Security Key by Yubico or the Google Titan Security Key will provide strong, simple, and reliable protection for campus systems and online accounts.

How do I register my security key?

To register a security key, go to the Multi-Factor Authentication Management Portal, log in, and add it as a new device. For technical assistance with security keys, please contact the UFIT Help Desk at (352) 392-HELP (4357).

When is a FIPS model required?

The FIPS-certified security key is designed for organizations that must meet U.S. Federal Information Processing Standards (FIPS 140-2) for cryptographic security. Most UF users do not need a FIPS model; however, it may be required for departments or research projects that handle federally regulated or sensitive data such as HIPAA, FERPA or government-sponsored research subject to federal cybersecurity standards. 

A recommended FIPS security key can be purchased here.

If your unit is subject to federal compliance requirements or contracts that specify FIPS-validated hardware, you should select a FIPS-certified security key. For questions about whether your project requires FIPS-validated devices, contact UFIT's Information Security Office.