The fact that “123456” was the most common password of 2016 goes to show that securing online accounts remains low on the list of priorities for many. Even for those who use strong passwords, there’s often more that can be done to protect themselves.
Two-factor authentication is an excellent way to add a layer of security to an account, but as Facebook security engineer Brad Hill correctly points out, SMS – the vehicle that many use for security code delivery – isn’t always reliable and may not work well for everyone.
Fortunately, security-minded Facebook users now have an alternative to turn to.
As of today, it’s possible to register a physical security key, like those sold by Yubico, with your Facebook account. The next time you log in after enabling login approvals, you’ll just need to tap the USB stick, which supports the FIDO Alliance’s open Universal 2nd Factor (U2F) standard.
Hill cites several advantages to using security keys for two-factor authentication. For example, your login is more or less immune to phishing because you don’t have to enter a code yourself. Furthermore, the hardware provides cryptographic proof that it is in your machine.
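The phishing resistance Hill describes comes from what a U2F key signs: the site's identity and the origin the browser reports, not just a challenge. The following is an added example, not code from Facebook or Yubico; it is a simplified Node.js model of the relying-party check in which a software key pair stands in for the hardware key and every origin and challenge value is constructed.

```javascript
const nodeCrypto = require('crypto');
const sha256 = (d) => nodeCrypto.createHash('sha256').update(d).digest();

// Constructed stand-in for the hardware key: one P-256 key pair for this site.
const token = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// Bytes a U2F key signs: SHA-256(appId) || presence byte || counter || SHA-256(clientData)
function signedBytes(appId, counter, clientData) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([sha256(appId), Buffer.from([0x01]), ctr, sha256(clientData)]);
}

// Key side. The browser, not the user, fills in the origin of the page being shown.
function tokenSign(appId, challenge, browserOrigin, counter) {
  const clientData = JSON.stringify(
    { typ: 'navigator.id.getAssertion', challenge, origin: browserOrigin });
  const signature = nodeCrypto.sign(
    'sha256', signedBytes(appId, counter, clientData), token.privateKey);
  return { clientData, counter, signature };
}

// Relying-party side: checks made before the second factor is accepted.
function verifyAssertion(rp, a) {
  const cd = JSON.parse(a.clientData);
  if (cd.challenge !== rp.challenge) return 'challenge mismatch';
  if (cd.origin !== rp.origin) return 'origin mismatch';
  if (a.counter <= rp.lastCounter) return 'counter replay';
  const ok = nodeCrypto.verify(
    'sha256', signedBytes(rp.appId, a.counter, a.clientData), rp.publicKey, a.signature);
  return ok ? 'ok' : 'bad signature';
}

function demo() {
  const site = 'https://login.example.test';      // constructed origin
  const lookalike = 'https://login.examp1e.test'; // constructed lookalike origin
  const rp = { appId: site, origin: site, challenge: 'constructed-challenge-01',
               lastCounter: 41, publicKey: token.publicKey };
  const legit = tokenSign(site, rp.challenge, site, 42);
  const phished = tokenSign(lookalike, rp.challenge, lookalike, 43);
  // Same signature, but clientData rewritten to claim the real origin.
  const tampered = { ...phished, clientData: legit.clientData };
  return {
    legit: verifyAssertion(rp, legit),
    lookalike: verifyAssertion(rp, phished),
    tampered: verifyAssertion(rp, tampered),
    replayed: verifyAssertion(rp, { ...legit, counter: 41 }),
  };
}

console.log(demo());
```

An assertion produced on the lookalike origin fails the origin check, and rewriting the origin afterwards breaks the signature, which is why there is no typed code for a fake page to collect.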
Best yet, security keys with U2F support aren’t just for Facebook. Indeed, you can use the same key with a number of other online services from the likes of Google, Dropbox and Salesforce, just to name a few.
There are, however, a few shortcomings that you’ll want to be aware of, such as the fact that security keys for Facebook only work with certain browsers and mobile devices. For example, you’ll need to be using the latest version of Google Chrome or Opera to register a key from your computer.
Also, security key login isn’t yet supported on Facebook’s mobile app, although if you have an NFC-enabled Android device using the latest version of Chrome and have Google Authenticator installed, you can use an NFC-capable key to log in from Facebook’s mobile website.
Sure, there’s more work involved in using two-factor authentication with a physical key, but it sure beats dealing with the ramifications that come with having an account hijacked.
Yubico security key prices start at $18.