Skip to main content

Security keys

Information about NHS CIS2 authentication security keys.

Security keys are typically small physical devices that connect to devices via a USB port or NFC.

They are a simpler alternative to smartcards that require no installation of software or certificate renewal and are small and convenient enough to be attached to a set of keys or a lanyard.

See a list of supported keys.


Benefits for users
  • Users can share desktops/laptops and authenticate with their own individual security key
  • No need for a smartcard or reader
  • Enables secure authentication to national clinical information systems over the internet

Choosing security keys

Users tend to find authenticating with security keys works well when they:

  • access multiple machines
  • are quite mobile, working in different buildings/offices

Live environment security keys

CIS2 Authentication allows security keys to be used if they meet FIDO2 Certificate Level 2.

To see which security keys meet FIDO2 Certificate Level 2, go to the FIDO Certified Products page (opens in a new window) and use these filter options:

  • Specification: FIDO2
  • Company: leave blank
  • Type: Authenticator
  • Authenticator Level: Level 2
  • Product Name: leave blank


NHS CIS2 Authentication is a platinum service, supported 24 hours a day, 7 days a week.

See our latest availability statistics.

Case study

Dentists in London accessing e-RS

The organisation and service

NHS North East London ICB wanted their dentists to be able to refer patients for treatments using e-RS without the restriction of having to use a desktop connected to a HSCN

Moving to NHS CIS2 Authentication

Yubikey 5 security keys were procured by local IT and provided to the users.

To start using NHS CIS2 Authentication, the dentists needed to meet with their RA who helped them to register the security key to the user's Care Identity profile.

The experience

The dentists in London found the registration process to be very quick and simple.

They can now refer patients using e-RS over the internet using their security key to authenticate.

Considerations for organisations providing IT Support

  • No additional software is needed as it uses open standards - just procure, register and use
  • No certificate renewals required


The procurement and distribution of security keys is the responsibility of the Trust, organisation or user.

Only Security Keys that meet NHS England cyber security standards are acceptable for use with NHS CIS2 Authentication (see above).

Registering devices to users

Each user must:

Network configuration

NHS CIS2 Authentication is primarily an Internet Only service, therefore, some configuration may be required to enable access:

  • out to NHS CIS2 Authentication
  • in from NHS CIS2 Authentication