Facebook users can now use a security key to authenticate their identity during the login process. If you use a security key, hackers won’t be able to get into your Facebook account, even if they have your username and password, Joinfo.com reports with reference to TechCrunch.
Security keys are a form of two-factor authentication — an optional extra layer of security that helps you prove your identity when you log in.
During a typical two-factor authentication process, the user enters their username and password, then the site they’re logging in to responds by texting them a verification code (SMS).
But, as Facebook says in a statement, SMS isn’t always reliable and having a phone back-up available may not work well for everyone.
“Starting today, you can register a physical security key to your account so that the next time you log in after enabling login approvals, you’ll simply tap a small hardware device that goes in the USB drive of your computer. Security keys can be purchased through companies like Yubico, and the keys support the open Universal 2nd Factor (U2F) standard hosted by the FIDO Alliance,” Facebook said.
Brad Hill, a security engineer at Facebook, says it was easy for the company to roll out the feature because it was already used in-house by the engineering staff for logging in to internal systems. It was simply a matter of extending the feature to Facebook’s users.
“We don’t consider two-factor a mandatory thing,” Hill explains. “We see account security as our responsibility regardless of technologies you choose to use. For people who want to stay in control, this would be a good choice for someone who wants to stay ahead of even the most advanced attacks.”
Unfortunately, there’s not a great way to integrate security keys with most mobile devices yet. When logging into their Facebook accounts on mobile, most users will still have to go through the regular old two-factor SMS process.
Users with NFC-capable Android devices and the latest versions of Chrome and Google Authenticator can use an NFC-capable key to verify their identity on the Facebook mobile website.
The challenge of using a security key with a mobile device is one Hill expects to see addressed in the future. Although access is currently limited to certain Android users, Hill says he anticipates more APIs on the Android platform that will support security keys — and that other platforms will follow suit.
Ready to activate your security key? Go to Security Settings in your account and click “Add Key.” (Note: This will only work if you’re using the Chrome or Opera browser.)