Facebook Adds U2F USB Security Key Support For Safer Login
As it looks to increase security, and ultimately protect end-users from having their accounts taken over or data stolen, Facebook has today rolled out a new security feature that has been designed to add an additional layer of difficulty between a would-be hacker and an innocent user’s Facebook account.
This comes in the form of a USB security key which can now be set up to authenticate a user’s authenticity during any login attempt, thus nullifying most hacking attempts.
One of the great things about this new system is that hackers simply won’t be able to gain access to an account that is protected by a security key, even if they have full access to the correct username and password associated with the Facebook account in question.
This particular adoption by Facebook is very similar to two-factor authentication, but it actually goes a step further by solving one of the major downfalls which comes attached to that process. Facebook is obviously looking to take security seriously with this integration, both to save itself from a lot of hassle, and to also look after the best interests of the account holder.
One of the problems with two-factor authentication – which typically involves a user receiving a message on another device from a site containing a code – is that it is actually possible for a malicious attacker to intercept that message by hacking the user’s SIM card in a mobile device. If that occurs, it basically means that the hacker has all of the required components to actually force the service to accept the authentication, and allow the log-in to be successful. Facebook’s addition of a security key removes that weakness by ensuring that no verification code actually has to be transmitted directly to the user.
The new feature means that Facebook account holders can use a U2F compatible security key to verify the log in without needing to receive a special code. To get up an running with this feature, simply log into Facebook’s security settings using your account, and head over to Login Approvals and click Edit> Security Keys and click Add Key.
Granted, this does mean that there’s a need to carry around yet another little gadget on a keyring or in your pocket, and it does introduce a small amount of fragmentation between logging in on desktop and logging in via mobile, but underneath all of that is yet another step by a company that has over one billion active users, to protect the account information of those individuals.