Key Points
- SMS is a NIST "restricted authenticator"; CISA and the FBI told people to stop using it as a second factor.
- TOTP codes get phished in real time by attacker-in-the-middle proxies that relay your code within seconds.
- FIDO2/WebAuthn binds to a site's exact origin, so the code cannot be relayed. Google put keys on 85,000+ staff and reported zero account phishing since.
- A Trezor is a full FIDO2 key, and its non-resident credentials rebuild from your recovery seed. A YubiKey cannot be copied at all.
- One seed backing both coins and logins is also one point of failure. For 2FA, use a separate device with its own seed.
The 2FA ladder
Not every second factor is equal. Rank them worst to best and the choice gets obvious.
SMS sits at the bottom. NIST SP 800-63B-4 classifies one-time codes sent over SMS or the phone network as a "restricted authenticator." In December 2024, CISA and the FBI put it plainly: do not use SMS as a second factor, because it is not encrypted and is exposed to SS7 interception and SIM-swap attacks.
TOTP is the next rung up, and still phishable. That six-digit code from Authy, Google Authenticator, or Aegis beats SMS, but it does not stop a real-time attack. Kits like Evilginx run a reverse proxy between you and the real login page: you type your password and code into the fake page, the proxy relays both to the real site in real time and walks off with your session cookie. Microsoft tracked a 146% year-over-year jump in these attacker-in-the-middle attacks in 2024. (Picking a code app anyway? See our 2FA app comparison.)
FIDO2/WebAuthn sits on top, and the reason is origin binding. When you register a hardware key to a site, the browser ties that credential to the site's exact origin, and at sign-in it refuses to hand a signature to any other origin. A phishing proxy on a look-alike domain gets nothing, because the domain does not match. The browser enforces this at signature time. The proof is operational: Google made security keys mandatory for its 85,000+ employees back in early 2017 and has reported zero successful account phishing since. For the ground rules, see our two-factor authentication guide.
Passkeys are FIDO2 with a friendlier name. By 2026 they are everywhere: the FIDO Alliance counted roughly 5 billion passkeys, with 75% of consumers having enabled at least one. Two flavors matter. Synced passkeys live in iCloud Keychain, Google Password Manager, or your password manager, follow you across devices, and inherit the security of that sync account. Device-bound passkeys never leave the hardware: stronger, but lose the device and you need a second registered key to get back in. A hardware key is where device-bound lives.
Your hardware wallet is also a security key
If you own a Trezor, you already own a FIDO2 authenticator.
The Trezor Safe 3, Safe 5, and Safe 7, plus the retired Model T, are full FIDO2 and U2F authenticators. Trezor's own guide spells out the fine print: FIDO2 works over USB only (the Bluetooth on the Safe 5 and Safe 7 does not carry it), and you need the universal firmware, because the Bitcoin-only firmware drops the feature. The older Model One is U2F-only. Chrome, Firefox, Edge, and Safari all speak FIDO2 and U2F natively, so there is no extra software to install.
The current lineup runs from the Safe 3 up to the Trezor Safe 7 (affiliate link, see our disclosure). The Safe 7 lists at $249 and ships a TROPIC01 auditable secure element with USB-C and Bluetooth. For the full teardown, read our Trezor review.
💰 Affiliate Disclosure
We participate in Trezor's affiliate program, so the two Trezor links on this page earn the site a commission at no extra cost to you. It changes nothing about the analysis: the honesty section below, single-point-of-failure warning included, is exactly what we would write with no program at all. Read our full affiliate disclosure.
The one thing a YubiKey cannot do
Now the differentiator. A YubiKey cannot be duplicated. That is by design, a real security property with a cost. Yubico's own recovery advice is to buy a spare key and register it on every account, because if you lose your only key you are locked out and there is no backup.
A Trezor takes the opposite approach for U2F and non-resident FIDO2 credentials: it derives them deterministically from your recovery seed. This is specified in SLIP-0022. The credential's secret is encrypted with ChaCha20Poly1305 inside the credential ID that the website stores, and the keys come from your master secret via SLIP-0010, which makes the authenticator "nearly stateless." The site holds an encrypted blob, your seed holds the key to it. Trezor states it directly: "U2F security key registrations are derived from your wallet backup. Restore your backup on a new Trezor and they work again automatically."
Your twelve or twenty-four words back up your crypto keys and your 2FA registrations. Lose the device, buy a new one, restore the seed, and your logins come back with no re-enrollment. No YubiKey can do that, because a YubiKey has no seed to restore from.
The honesty core: read this before you rely on it
⚠️ What the seed does not save, and the trap it creates
Resident credentials do not come back. Resident (discoverable) credentials are what make passkeys work: the login data is stored on the device itself, and the seed does not cover them. Trezor says so plainly: if your Trezor is wiped or lost, you will need to re-register passkeys with the service. There is a manual escape hatch (a trezorctl FIDO credentials export), but it is expert-grade.
The U2F counter can trip up some sites. FIDO authenticators keep a signature counter, and after a seed restore that counter can look wrong to a service. Forum reports say some sites accept a restored registration and some reject it, so treat "restore and it just works" as usually true, not guaranteed, and expect it to vary by site.
One seed is one point of failure. This is the big one. If your seed backs both your coins and your logins, leaking it hands an attacker your crypto and your accounts in the same breath. Security practitioners have flagged exactly this coupling and recommend keeping separate seeds for crypto and for 2FA. And do not assume a BIP39 passphrase saves you: on Trezor, FIDO2 and U2F keys derive without the passphrase, so your hidden wallets all share one FIDO identity. The firmware source confirms it: the WebAuthn credential code derives without the passphrase. The fix is cheap: use a separate device with its own seed, dedicated to 2FA. Whatever you pick, register at least two independent keys on every important account.
We use Trezor Safe devices ourselves (a Safe 3, a Safe 5, and a Safe 7 between us) as FIDO2 keys and for other signing and encryption work beyond crypto storage.
The field
FIDO2 is a standard, so you have choices. The short, honest read on each:
- YubiKey 5 (Yubico): the default. Firmware 5.7 raised the passkey limit to 100 (up from 25) and holds 64 OATH seeds. Closed-source firmware, cannot be duplicated, buy-a-spare model, widely supported.
- Nitrokey 3 (Germany): open-source Rust firmware (the Trussed framework), FIDO2 plus OTP and OpenPGP, built on an EAL6+ SE050 secure element, around EUR 59. If open source and a European supply chain matter to you, this is the pick. We use Nitrokeys too.
- SoloKeys / Solo 2: the open-hardware darling that went quiet. As of 2026 the project is largely dormant on funding constraints, though its technology fed into Nitrokey's Trussed stack. Do not build a plan around new Solo hardware right now.
- Token2 (Switzerland): the budget standout. The PIN+ R3 holds 300 resident keys, supports FIDO2.1, and is open-source with a third-party audit. Cheap and capable.
- OnlyKey: the odd one out, in a good way. It supports an encrypted backup and restore via a passphrase, so it is not strictly a one-and-done device. Do not confuse it with OneKey, which is a different company entirely.
- Google Titan: hardware manufactured by Feitian, firmware written by Google. The 2019 Bluetooth flaw is historical; the current line is USB and NFC.
Which one should you buy?
Pick by who you are.
- You already own a Trezor and hold crypto: use it. You get a phishing-resistant key whose registrations ride along with the seed you are already guarding, and one less gadget to carry.
- You want maximum openness or a European supply chain: Nitrokey 3 or Token2.
- You want the boring, universally supported default: two YubiKey 5s, one in your pocket and one in a drawer.
- You are on a tight budget: Token2.
Whatever you buy, register two keys per account. Ready to pick up hardware?
For a side-by-side of every key here, read our hardware security keys comparison. One thing coming soon to the site: per-operating-system how-tos for using a Trezor as an SSH key on Linux, macOS, and Windows.
Resources
- NIST - SP 800-63B-4, Digital Identity Guidelines (SMS as a restricted authenticator)
- CISA and FBI - Mobile Communications Best Practices (December 2024)
- FIDO Alliance - Google Security Keys Case Study (zero phishing across 85,000+ staff)
- Trezor - Using Your Trezor as a Security Key (FIDO2 and U2F)
- SatoshiLabs - SLIP-0022, FIDO2 credential derivation from the master secret
- Dmitry Frank - Backing up a U2F token (why to keep crypto and 2FA seeds separate)