/>
X

Facebook adds security key and YubiKey support for 2FA

Security keys are thought to be more effective at preventing phishing attacks and data breaches than two-factor authentication via SMS.
natalie-gagliordi-author.jpg
Written by Natalie Gagliordi, Senior Writer on
fbsecuritykey.png

A security key is a USB-based device that generates an encrypted, one-time security code for use in two-factor authentication (2FA) systems.

Facebook announced that it now supports physical security keys as a second form of identification for users looking to safeguard their accounts online.

A security key is a USB-based device that generates an encrypted, one-time security code for use in two-factor authentication (2FA) systems.

In most cases, security codes for 2FA are sent to a user's phone via text-based SMS message. But security keys go the route of hardware-based authentication, requiring an actual physical device that's inserted into the computer's USB drive as a second form of identification.

Security keys are thought to be more effective at preventing phishing attacks and data breaches than 2FA via SMS, because even if someone's credentials are compromised, account login is impossible without that physical key.

The caveat, at least in Facebook's implementation, is that these security keys only work with the latest version of Chrome or Opera web browsers, and Facebook says it won't immediately support the mobile Facebook app.

ALSO SEE: YubiKey for Windows Hello brings hardware-based 2FA to Windows 10

Facebook is supporting security keys based on the Universal 2nd Factor (U2F) standard established by the FIDO Alliance, such as the YubiKey by Yubico. Google, Dropbox, GitHub, and Salesforce also offer security key support based on the U2F protocol.

Facebook noted that users with an NFC-capable Android device can use Yubico's NFC-capable keys to log in from Facebook's mobile website. However, this method requires the latest version of Chrome and Google Authenticator installed on the device. To add a security key, go to Facebook's Security Settings and follow the prompts under Login Approvals.

From a small business perspective, security keys offer a relatively simple way to secure online accounts from malicious activity. Passwords alone are inefficient when it comes to internet security, and both companies and individuals continue to rely on embarrassingly lazy passwords.

Meanwhile, SMBs tend to rely on an increasing number of web platforms to run their businesses, making the need to secure and protect data and access all the more critical.

Russian hackers are stealing up to $5M a day from US companies

Related

Are you ready for the worst Economy Class airline seats in the world?
airline-seats.jpg

Are you ready for the worst Economy Class airline seats in the world?

Business
This stuff is better than compressed air for cleaning your dirty tech
img-6864

This stuff is better than compressed air for cleaning your dirty tech

Office Hardware & Appliances
Google looks to reduce pushback bias in developers' software code review
close up programmer man hand typing on keyboard at computer desktop for input coding language to software for fix bug and defect of system in operation room , technology concept

Google looks to reduce pushback bias in developers' software code review

Developer