User Access | Medium priority

About 30 minutes to complete

Use a physical security key to lock down your most important accounts

A hardware security key (such as a YubiKey) is the most secure form of two-step verification available. Adding one to your email account and other critical accounts eliminates the risk of phishing-based account takeover entirely.

Why this matters

A hardware security key is the most phishing-resistant form of two-step verification available. Unlike SMS codes or authenticator apps, a hardware key cannot be intercepted — it verifies the exact website domain it is being used on, so it will refuse to authenticate on a fake login page even if you click a convincing phishing link.
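The domain check described above, sketched as an added example (not code from this guide or from any key vendor). It is a simplified model of the WebAuthn flow: the domains, the ToyKey class and the function names are constructed for illustration, the public-suffix rules are left out, and signature verification is omitted.

```python
import hashlib, json
from urllib.parse import urlsplit

RP_ID = "accounts.example"                    # constructed relying-party ID (the real site)
EXPECTED_ORIGIN = "https://accounts.example"  # origin the real site expects

def rp_id_allowed(origin, rp_id):
    """Browser rule (simplified): rp_id must be the page's host or a parent domain of it."""
    parts = urlsplit(origin)
    host = parts.hostname or ""
    return parts.scheme == "https" and (host == rp_id or host.endswith("." + rp_id))

class ToyKey:
    """Stands in for the hardware key: credentials are filed under SHA-256(rp_id)."""
    def __init__(self):
        self.credentials = {}
    def register(self, rp_id):
        self.credentials[hashlib.sha256(rp_id.encode()).digest()] = "cred-for-" + rp_id
    def get_assertion(self, rp_id):
        rp_hash = hashlib.sha256(rp_id.encode()).digest()
        if rp_hash not in self.credentials:
            return None                       # no credential for this site: nothing to sign
        return {"rp_id_hash": rp_hash, "credential": self.credentials[rp_hash]}

def browser_sign_in(key, page_origin, requested_rp_id, challenge):
    """The browser records the origin it actually loaded; the page cannot override it."""
    if not rp_id_allowed(page_origin, requested_rp_id):
        return None                           # page asked for an rp_id outside its own domain
    assertion = key.get_assertion(requested_rp_id)
    if assertion is None:
        return None
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": page_origin})
    return {"client_data_json": client_data, **assertion}

def server_accepts(response, challenge):
    """Relying-party checks on origin, challenge and rp_id hash (signature check omitted)."""
    if response is None:
        return False
    data = json.loads(response["client_data_json"])
    return (data["type"] == "webauthn.get" and data["origin"] == EXPECTED_ORIGIN
            and data["challenge"] == challenge
            and response["rp_id_hash"] == hashlib.sha256(RP_ID.encode()).digest())

if __name__ == "__main__":
    key = ToyKey(); key.register(RP_ID)
    for origin in (EXPECTED_ORIGIN, "https://accounts-example.login.test"):
        print(origin, server_accepts(browser_sign_in(key, origin, RP_ID, "c1"), "c1"))
```

A look-alike page fails whichever domain it asks for: requesting the real site's ID is blocked by the browser, and requesting its own ID finds no credential on the key.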

How to do it

  1. Purchase a hardware security key such as a YubiKey 5 NFC (£50–60) — it works with USB-A and NFC for phones. Titan Security Keys from Google are also an option.
  2. Register the key with your email account first — in Gmail, go to Security → 2-step verification → Add security key and follow the on-screen instructions.
  3. Register the same key with any other critical accounts that support hardware keys: Microsoft, GitHub, Dropbox, and most banking apps.
  4. Purchase a second key and register it as a backup on the same accounts — store the backup key somewhere physically separate from the primary.
  5. Keep your authenticator app or backup codes active until the hardware key is set up and confirmed working — do not remove other 2FA methods until you have successfully authenticated with the key.


Cyber Essentials framework

This task falls under the User Access control, one of five areas assessed in the UK's Cyber Essentials scheme. Completing it counts toward your Cyber Essentials alignment. Create a free account to track your progress across all five areas.
