diff --git a/docs/contributing/commit-signing.mdx b/docs/contributing/commit-signing.mdx index 98770222c..1ca6e98ec 100644 --- a/docs/contributing/commit-signing.mdx +++ b/docs/contributing/commit-signing.mdx @@ -27,7 +27,9 @@ GitHub supports [commit signing][github-verification] with SSH, GPG, and S/MIME. If you're unsure what to use, we recommend you create a commit signing key using SSH per latest security best practices (see the -[PGP problem](https://www.latacora.com/blog/2019/07/16/the-pgp-problem/) for more details). +[PGP problem](https://www.latacora.com/blog/2019/07/16/the-pgp-problem/) for more details). For +maximum security, consider using a [hardware-backed SSH key](#hardware-backed-ssh-key-configuration) +(YubiKey or other FIDO2 device) as your signing key. :::
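Review bot: the link target `#hardware-backed-ssh-key-configuration` in the added sentence is not defined anywhere in this hunk. Please confirm that a heading producing that exact anchor exists in `commit-signing.mdx` or is added in the same change, otherwise the link is dead. Also, "For maximum security" is vague for contributor docs. Consider stating in one clause what the hardware-backed key adds over a file-based SSH key. Since the admonition opens with "If you're unsure what to use", it would also help to mark the hardware key as optional so the default recommendation (an SSH signing key) stays unambiguous.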