With hacking rife these days, it’s been getting more and more difficult to secure our online accounts. And although two-factor verification solves this problem, most users do not use it. Now, Facebook is allowing users to secure their accounts with physical key.
Facebook suggests that its users set up two-factor authentication, also know as login approvals on their accounts, to keep them safe from hacking. It’s much safer than only having a password, but it does have its caveats. For example, you will always need access to a phone when logging in from a new browser or device. But what happens when you run out of battery, or can’t get a signal? Not that practical, right?
Right! To address this issue, Facebook is now also offering Security Key access, allowing users to “register a physical security key to [their] account.” The security key goes in the USB slot on your computer, and removes the necessity for SMS login approvals. In recent post announcing the feature, Brad Hill, Security Engineer at Facebook explained that
Security keys can be purchased through companies like Yubico, and the keys support the open Universal 2nd Factor (U2F) standard hosted by the FIDO Alliance.
You can now add a security key to your account from the Facebook Security Settings page, as seen below.
Hill also went on to explain that security keys provide several important benefits:
– Phishing protection: Your login is practically immune to phishing because you don’t have to enter a code yourself and the hardware provides cryptographic proof that it’s in your machine.
– Interoperable: Security keys that support U2F don’t just work for Facebook accounts. You can use the same key for any supported online account (e.g. Google, Dropbox, GitHub, Salesforce), and those accounts can stay safe because the key doesn’t retain any records of where it is used.
– Fast login: If you use a security key with your desktop computer, logging in is as simple as a tap on the key after your enter your password.
While security keys are a good way to secure your account, they still only work on some mobile devices and browsers. For this reason, users will still need to register a Code Generator, or use the usual SMS login approvals. For example, you need to be using the latest version of Chrome or Opera to register a Security Key. Also, it’s not available on Facebook‘s mobile app, but
if you have an NFC-capable Android device with the latest version of Chrome and Google Authenticator installed, you can use an NFC-capable key to log in from our mobile website.
You can read more about setting up your security key here.