Kensington VeriMark NFC+ Keys Offer Hardware-Backed Alternative to Passwords

The key simply refuses to authenticate because the cryptographic challenge doesn't match.
Explaining why hardware security keys are phishing-resistant by design, even on fake login pages.

For as long as digital life has required passwords, it has also required people to be fallible — and attackers have exploited that fallibility with ruthless efficiency. Kensington's release of the VeriMark NFC+ Security Keys marks a quiet but consequential moment: a small hardware device, built on the FIDO2 cryptographic standard, that removes the human from the weakest link entirely. By anchoring identity to a physical chip rather than a memorized secret, the technology renders phishing structurally impossible and reframes authentication as something you carry rather than something you know. The industry's largest platforms are already moving in this direction, and this key is one of the clearest signs yet that the password's long reign may finally be ending.

  • Decades of password-based security have failed not because the idea was flawed in theory, but because human behaviour — reuse, forgetfulness, susceptibility to deception — made it catastrophically fragile in practice.
  • Even two-factor authentication via SMS has been undermined, as attackers learned to intercept codes or manipulate phone carriers, leaving users with a false sense of protection.
  • Kensington's NFC+ key responds to this crisis by moving authentication entirely into hardware: a cryptographic chip that taps to verify identity, works across every major platform and service, and physically cannot authenticate on a fake website.
  • The key's IP68 durability rating, batteryless design, and compatibility with USB-A and USB-C signal that this is built for everyday, long-term use — not a niche enterprise tool but a practical replacement for the wallet of passwords most people carry in their heads.
  • At $99.95 with a recommended backup, the barrier to entry is low, and with Microsoft, Google, and Apple all accelerating toward FIDO2 and passkey standards, the infrastructure to support this shift is already arriving.

For decades, the password has been cybersecurity's most exploitable weakness — forgotten, reused, phished, and leaked in breach after breach. Even SMS-based two-factor authentication has proven vulnerable, as attackers found ways to intercept codes or social-engineer phone carriers. Kensington, long known for the physical security slot on business laptops, has now entered this space with the VeriMark NFC+ Security Keys: a small hardware device that replaces passwords with cryptography embedded in the device itself.

The mechanism is elegantly simple. Rather than typing something you know, you tap the key against your phone or insert it into a port, and a secure chip performs a cryptographic exchange with the service you're logging into. No apps, no pairing, no batteries. The key supports Windows, macOS, ChromeOS, Android, iOS, and Linux — any platform built around the FIDO2 passwordless standard. One key carries all your credentials and works everywhere.

The security benefit goes beyond convenience. On a fake login page, the key refuses to authenticate — the cryptographic challenge simply doesn't match. Phishing becomes structurally ineffective. Even if a username and password are exposed in a breach, they are useless without the physical key. Credentials stored on the device remain invisible to malware, unlike passwords saved in browsers or codes sent by text.

Kensington offers the key in USB-A and USB-C versions, both rated IP68 for dust and water resistance and designed to live on a keyring for years. Compatible services already include Microsoft 365, Google, Apple ID, GitHub, AWS, Dropbox, Salesforce, and thousands of enterprise providers. Setup requires adding the key to each service once — after that, authentication becomes a single tap or press.

At $99.95, with a second key recommended as backup, the investment is modest. More significantly, Kensington is not alone in this direction: Microsoft, Google, and Apple are all actively pushing their platforms toward FIDO2 and passkey support. For anyone weary of managing passwords or worried about phishing, the transition has become both practical and, increasingly, hard to ignore.

For decades, the password has been cybersecurity's most vulnerable point. People forget them, reuse the same one across dozens of sites, scribble them on sticky notes, fall for phishing schemes designed to steal them, and watch helplessly as databases containing them get breached. Even adding a second layer—a code texted to your phone—has proven insufficient, as attackers have learned to intercept those messages or trick phone carriers into handing over access. The technology industry has finally moved past this broken model. Kensington, the accessory maker best known for the physical security slot on business laptops, has released the VeriMark NFC+ Security Keys, a small hardware device that replaces passwords entirely with something far harder to compromise: cryptography built into the device itself.

The appeal is straightforward. Instead of proving who you are by typing something you know, these keys prove your identity through hardware that cannot be copied or stolen remotely. The device contains a secure chip that performs cryptographic calculations. When you try to log in to a service—say, your Microsoft 365 account on a phone—you simply tap the key against the back of your device, much like making a contactless payment. The phone reads the secure chip over NFC, or near-field communication, and completes the authentication. No apps to run, no pairing required, no batteries to charge. The key works across Windows, macOS, ChromeOS, Android, iPhone, iPad, Linux—any device that supports the FIDO2 passwordless protocol. One key holds all your credentials and works everywhere.

The security advantage cuts deeper than convenience. If you land on a fake Microsoft or Google login page, the key simply refuses to authenticate. The cryptographic challenge doesn't match the genuine website. Phishing, by design, becomes ineffective. Even if your username and password somehow leak, the attacker cannot use them without the physical key in hand. You can assign a different, impossibly complex password to every service you use, letting the hardware do the work of managing authentication. The credentials stored on the key are locked away and invisible to malware running on your computer—a stark contrast to passwords saved in browsers or one-time codes sent via email or text.

Kensington has been manufacturing security products since the early 1980s, expanding from the iconic security slot into docking stations, privacy screens, webcams, and increasingly sophisticated security devices. The VeriMark NFC+ comes in two identical versions: USB-A for desktops and older laptops, USB-C for modern devices and phones. The hardware itself is built for durability. It carries an IP68 rating, the highest standard for everyday consumer electronics, meaning it is completely dustproof and can survive submersion in water. It is designed to live on a keyring for years.

The list of services that support the key is already substantial and growing: Microsoft Entra ID, Microsoft 365, Windows login, Google accounts, Apple ID, GitHub, AWS, Dropbox, Salesforce, and thousands of enterprise single-sign-on providers like Okta. The setup requires upfront effort—adding the key to each service that supports it—but once complete, the process becomes automatic. Insert or tap the key, press the button, and you are logged in. No typing, no fumbling with codes, no apps to open. The hardware becomes invisible.

The initial investment is modest. Kensington's recommended retail price is $99.95 per key. The company suggests keeping a second key as backup in case the primary one is lost or damaged, a reasonable precaution for anyone serious about security. The broader shift toward passwordless authentication is not a Kensington initiative alone. Microsoft, Google, and Apple are all pushing their platforms toward FIDO2 and passkey support. Cybersecurity researchers and vendors across the industry view hardware-based authentication as the inevitable future. For anyone concerned about phishing, data theft, or simply tired of managing passwords, the transition has become both practical and urgent. Once you have used a hardware security key, returning to passwords feels like a step backward.

Once you've used hardware authentication, it's surprisingly difficult to go back to passwords.
— iTWire review
The Hearth Conversation Another angle on the story
Inventor

Why does a physical key matter more than a password, even a strong one?

Model

Because a password lives in your head or on a server somewhere. An attacker who tricks you into typing it on a fake website gets it. A hardware key, by contrast, performs a calculation that only works on the real website. The fake site cannot complete the authentication, no matter how convincing it looks.

Inventor

So the key is phishing-proof?

Model

By design, yes. The cryptography is built into the hardware. There is no way to extract it or replay it. Even if someone steals your password, they cannot use it without the physical device.

Inventor

What happens if I lose the key?

Model

That is why Kensington recommends having a second one. You register both with your accounts. If one is lost, the other still works. You can also set up backup authentication methods, though the whole point is to move away from those.

Inventor

Does it work on my phone?

Model

Yes. The USB-C version works with modern phones, tablets, and laptops. You simply tap it against the back of your device. No apps, no pairing, no Bluetooth. The phone reads the secure chip over NFC.

Inventor

What if a service I use doesn't support it yet?

Model

Then you still need a password for that service. But the major platforms—Microsoft, Google, Apple, AWS—all support it now. The list grows constantly. Eventually, passwords will become rare.

Inventor

Is this just for IT administrators and security paranoids?

Model

No. It is for anyone who uses the internet. Journalists, executives, remote workers, travelers, parents protecting family accounts—anyone who wants faster, more secure login. Once you use it, going back to passwords feels primitive.

Contact Us FAQ