Which hardware MFA key: YubiKey, SoloKeys or Token2?
All three support FIDO2 and WebAuthn. They differ in supported protocols, management and price. YubiKey is the safe default for most SMBs. SoloKeys fits if you want open-source firmware. Token2 is interesting for buying in bulk on a budget.
Try this first
1. List the protocols you need. For Microsoft 365 or Google Workspace only, FIDO2 and WebAuthn are enough. If you also need smartcard login, PGP keys or OATH-TOTP, you need a YubiKey 5 series, since Solo 2 and Token2 do not cover all of those.
2. Compare per-unit pricing: YubiKey 5 NFC around 50 to 60 euro, Solo 2 USB-A around 35 euro, Token2 around 15 to 25 euro per unit in bulk. Always buy 2 keys per user (primary and backup); otherwise one lost key costs a day.
3. Pick the form factor. USB-C for modern laptops, USB-A for older docks and home setups, NFC for phone login. Mix per user where needed.
4. Rollout: Microsoft Entra Authentication Methods or Google Admin lets you enforce FIDO2 keys per group. Register at least two keys per account before you enforce MFA; otherwise you lock someone out.
5. Record serials per user in a restricted register. On loss you can revoke that one key in Entra or Workspace instead of triggering a full MFA reset.
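A pre-enforcement check for steps 4 and 5, as an added example that is not part of the original page: it reads a key register and reports which users in the enforcement group have two usable keys and which would risk lockout. The CSV column names, addresses and serials are constructed for illustration; the actual revocation still happens in Entra or Workspace.

```python
import csv
import io
from collections import defaultdict

# Constructed sample register (hypothetical column names and values).
REGISTER_CSV = """user,serial,role,status
anna@example.com,11111111,primary,active
anna@example.com,11111112,backup,active
ben@example.com,22222221,primary,active
ben@example.com,22222222,backup,revoked
cara@example.com,33333331,primary,active
dirk@example.com,33333331,primary,active
dirk@example.com,44444442,backup,active
"""

def load_register(text):
    """Parse the register into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def readiness(rows, group, minimum=2):
    """Split `group` into users safe to enforce and users who risk lockout."""
    active = defaultdict(set)   # user -> serials still active
    owners = defaultdict(set)   # serial -> users it is recorded for
    for row in rows:
        owners[row["serial"]].add(row["user"])
        if row["status"] == "active":
            active[row["user"]].add(row["serial"])
    # A serial recorded for two users is a register error; count it for nobody.
    shared = {s for s, users in owners.items() if len(users) > 1}
    ready, blocked = [], {}
    for user in sorted(group):
        usable = active[user] - shared
        if len(usable) >= minimum:
            ready.append(user)
        else:
            blocked[user] = f"{len(usable)} usable key(s), need {minimum}"
    return ready, blocked, sorted(shared)

def revoke(rows, serial):
    """Mark one lost key as revoked in the register; return affected users."""
    hit = [r for r in rows if r["serial"] == serial and r["status"] == "active"]
    for r in hit:
        r["status"] = "revoked"
    return sorted({r["user"] for r in hit})
```

Run `readiness` again after every `revoke`: a user who has lost one key drops below the two-key minimum and needs a replacement registered.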
When to bring us in
If you are stuck between a full FIDO2 rollout and the existing Microsoft Authenticator flow, or are planning a passwordless path, that is a few hours of scoping worth doing. We have run it for SMBs from 10 to 100 users.