A software application, regardless if it’s on your computer or your smartphone, can be easily targeted and misused by malware – which has already happened to SMS and authentication apps. The best security practice is to move user credentials to a separate hardware device not connected to the internet. The YubiKey and Yubico FIDO U2F Security Key are hardware-backed devices that contain a secure element that provides a high level of physical protection, preventing user credentials from being easily extracted.