Yahoo News Facebook just added support for physical security keys and that's a big plus
When the rollout of its newest privacy tools, Facebook snuck in a very useful update: support for physical security keys. That means you can now use any USB key that supports the universal second factor (U2F) standard to log into your Facebook account, confirming your identity just by tapping the key.
SEE ALSO: Facebook changes how it talks about privacy
What does this mean?
You can now use a physical key to log into your Facebook account just like you'd use a key to start a car. You'll still need to use the key in combination with your password (so if a person steals it, they won't be able to log in). You can even use a key to log into Facebook via Chrome on Android, that is, assuming both your phone and key have NFC wireless tech.
"Using your phone for two-factor authentication works well for a lot of people, and it's way more secure than using just your password." Facebook said in a comment from the Facebook Security page. "Security keys offer certain advantages, though, and we wanted to offer people the option."
What is a security key anyway?
A security key is a USB-based hardware key that functions as the second "factor" in two-factor authentication. Once you log into a service that supports they key, all you need to do is insert the key into a port and tap it to complete your login — no SMS or Google Authenticator codes required. Keys typically support several security features and standards, like one-time passwords, public key encryption and authentication, and the Universal 2nd Factor (U2F).
Image: yubikey
In case you're unfamiliar: two-factor authentication is a method of confirming a user's identity by utilizing two different components. Two different types of information are used. Something you know, like a password, and something you have, like a physical key. A simple example is an ATM. To withdraw money, you need something you have, the bank card, and something you know, a PIN number. This protects you in situations where either your PIN or card is stolen.
Why do I need one?
While two-factor authentication via SMS is gaining popularity, many experts prefer security keys especially for desktop and laptops, which most people use in the workplace.
As compared to other forms of authentication, security keys are faster, can be used on a number of different services like Facebook, Google and Dropbox, and are nearly immune to phishing and man-in-the-middle attacks. The keys currently only work on the latest versions of Chrome and Opera, the browsers that support U2F.
Another benefit of shifting to a physical security system is that it lays the groundwork for eliminating passwords entirely. In addition to the security key, companies like Google have previously tested other forms of physical security, including using a ring.
In a Wall Street Journal op-ed last year, President Obama encouraged more Americans to “move beyond passwords” and add an extra layer of security to their accounts. Particularly over the last few years, password theft of large organizations like Target, Time Warner and several banks have left hundreds of millions of accounts compromised. While multi-factor authentication has existed for many years to protect against password theft, in the form of security questions, PIN codes and more, the methods vary greatly in quality, and some of them can be compromised by social engineering.
The most easily available security key is the Yubikey by Yubico. Its simplest key retails for $18.
Image: facebook
Facebook adding U2F support is an important step in pushing forward the adoption of physical security keys, and potentially making millions of Facebook accounts more secure. Facebook itself has nearly 1.8 billion users and its other services have hundreds of millions as well. While security keys may not be popular yet, with support from massively popular services like Facebook and Gmail, they soon could be.
