-
Pros
- Uses open-source firmware
- Connects via USB-C and NFC
- Can encrypt your data, such as emails
-
Cons
- Expensive
- NFC not recognized on Android
- Disorganized product documentation
Nitrokey 3C NFC Specs
| Authentication Specifications | FIDO U2F |
| Authentication Specifications | FIDO2 |
| Authentication Specifications | WebAuthn/CTAP |
| Connector | USB-C |
| Wireless Specification | NFC |
The Nitrokey 3C NFC (59 euros, or about $64.98 as of this writing) is a hardware security key with open-source firmware and a list of authentication protocols that should satisfy most users, and it's even capable of encrypting your emails. While we like the Nitrokey, we did run into problems testing its wireless functionality with a mobile device, and we wish the company behind the key provided more tutorials or documentation to help onboard new users. It's also mighty expensive compared with other keys, including our Editors' Choice winner for security keys, the simple and straightforward Yubico Security Key C NFC ($29).
How Much Does Nitrokey 3C NFC Cost?
The Nitrokey 3C NFC's authentication standards are a little more varied than those of less expensive and more popular starter keys like Google's Titan Key ($30) or the aforementioned Yubico Security Key. Both support the following authentication standards: FIDO2 CTAP1, FIDO2 CTAP2, Universal 2nd Factor (U2F), and WebAuthn. Nitrokey 3C NFC adds support for HMAC-Based One-Time Passwords and Time-Based One-Time Passwords to that list.
(Credit: Kim Key)Like the pro-level $55 YubiKey 5C NFC, the Nitrokey 3C NFC supports OpenPGP, so users can encrypt data such as emails and information stored on hard drives and unlock it using GnuPG, open-source encryption and decryption software.
The Nitrokey can function as a smart card, like the YubiKey 5C NFC, but unlike that device, this particular feature isn't quite ready for prime time. Nitrokey doesn't recommend using the test firmware required for smart card functionality in a production environment just yet. On the website, the company recommends using this feature "with caution."
Business users may be interested in Nitrokey's support for passwordless logins on computers managed by Azure Active Directory. The aforementioned YubiKey 5C NFC works with a long list of enterprise services, including AWS Identity and Access Management (IAM), Duo Security, Forgerock, Idaptive, Microsoft Azure Active Directory, Okta, OneLogin, and Ping Identity.
Nitrokey 3C NFC Design and Build
The Nitrokey 3C NFC isn't quite as sleek looking as the YubiKeys, with all their cool curves and signature brass verification buttons. It feels solid for such a little device, though. On one end is a USB-C connector, and there's a non-reinforced hole for a key ring on the other side. A light flashes on the key when you touch it to confirm your identity, but it does not have a fingerprint reader.
(Credit: Kim Key)We like that Nitrokeys use upgradable and open-source firmware, unlike YubiKeys. This means that you can update the key when new features are announced instead of having to buy a new one.
Updating the firmware happens via Nitrokey's apps, which are only available for desktop users. We downloaded the Nitrokey 2 app on a Windows machine while testing the device. The app includes a very basic password manager, as well as the ability to check for and execute firmware updates. We like that the app doesn't allow screenshots on Windows.
Nitrokey's product documentation could be a bit more straightforward. Information about the app, ways to use the included password manager, and even the key's features are scattered across the Nitrokey website. A video or dedicated page showing exactly how to use the device and the app would be helpful for users who are new to security keys. By comparison, Yubico has lots of videos on its website to help new users enroll their hardware security keys on different platforms and websites.
Hands On With the Nitrokey 3C NFC
Nitrokey 3C NFC works with Linux, macOS, and Windows machines. The website documentation states the device offers "some support for Android and iOS." We tested the device using a desktop computer running Windows 10 and a Samsung Galaxy A71 5G.
(Credit: X)First, we logged into a test account on X and added the Nitrokey by visiting the Security and Privacy section. We then followed the on-screen prompts and tapped the top of the key when prompted. The next time we logged into the X account, it requested a touch confirmation via the security key to verify our identity. It was an easy setup and execution from start to finish, which is ideal.
We ran into a little trouble on the Android device, however. We couldn't get the NFC capability to work in testing and we even checked to make sure we were tapping the correct NFC detection area on the device. Thankfully, we were still able to test the device using the USB-C connection on the Samsung Galaxy A71 5G. We logged into a test Gmail account and opted to add a passkey to the account via the Nitrokey 3C NFC. We then plugged the key into the USB-C port on the phone and tapped the key when asked to do so. Adding the passkey and then using it to log in later worked as expected.
Verdict: Open-Source, But Expensive
The Nitrokey 3C NFC can authenticate your accounts and encrypt your emails, which is good. We like that it works with popular business software, and the upgradable open-source firmware means you won't need to replace the key periodically. We did experience some issues with the key's NFC capability while testing it, however, and the price is high when compared with similar security keys. If you're a new hardware key convert who is looking for easy-to-adopt protection from a hardware security key, go with our Editors' Choice winner, the Yubico Security Key NFC. It's less expensive than the Nitrokey 3C NFC and provides similar authentication capabilities.