Advertisement

You can now use a physical key to log in to Facebook

Facebook users are now able to use physical USB keys to authenticate their identities when logging in. The feature, announced Thursday, represents the addition of another option for the social media platform's users to configure two-factor authentication approval.
YubiKey
Security key in action as a second factor of identity (Yubico)

Facebook users are now able to use physical USB keys to authenticate their identities when logging in. The feature, announced Thursday, represents the addition of another option for Facebook users to configure two-factor authentication approval.

Traditionally, if a Facebook user were to log in to an account from an unrecognized device or browser, two-factor authentication would prompt a request for a special security code that is delivered via an SMS-based text message or authentication application. With Thursday’s news, Facebook users will now also have the option of relying on hardware to authenticate themselves.

Cybersecurity experts commonly describe two-factor authentication, or 2FA, as a necessary baseline security measure.

The security key feature is currently only compatible with the latest versions of Google Chrome and the Opera web browser. Both browsers support the open Universal 2nd Factor, or U2F, standard that is hosted by the FIDO Alliance.

Advertisement

“Most people get their security code for login approvals from a text message or by using the Facebook app to generate the code directly on their phone. These options work pretty well for most people and in most circumstances, but SMS isn’t always reliable and having a phone back-up available may not work well for everyone,” Facebook security engineer Brad Hill wrote in a company blog post Thursday. “Using security keys for two-factor authentication provides a number of important benefits.”

Using a physical key for 2FA helps thwart email phishing-style attacks. Because security keys are unique to the user, some rely on a fingerprint, and all employ a randomly generated password during each login process, the information obtained during the course of a phishing attack or other surveillance operation would be rendered useless.

USB security keys are developed and sold by a number of technology companies, including Swedish-American security firm Yubico. CyberScoop previously reported that Yubico had enjoyed a spike in orders from the U.S. federal market in 2016.

Security keys that support U2F — the FIDO standard — also function for 2FA login requirements of Google, Dropbox, GitHub and Salesforce, among other popular web-based services.

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts