Security Practices

Security Key

A security key is a physical authentication device, such as a YubiKey, that proves your identity to a website without relying on SMS codes. It is one of the best protections for email, password managers, exchanges, and other Bitcoin-adjacent accounts.

How It Works

Security keys use standards such as FIDO2 or WebAuthn. When you log in, the website asks the key to sign a challenge. The key only works for the real website it was registered with, so a fake login page cannot reuse the response.

This is why security keys are stronger than SMS codes and many authenticator prompts. They resist phishing instead of asking you to notice every fake domain.

Use security keys on your email account first. Then add them to your password manager, exchange accounts, cloud storage, domain registrar, and any account that can reset another account.

Key Points

  • Physical second factor for account login
  • Strong protection against phishing and SIM swaps
  • Best used on email, password manager, exchange, and cloud accounts
  • Keep at least two keys registered and stored separately
  • Not a Bitcoin hardware wallet and not a place to store seed words