We hear a lot about 2-factor authentication these days, an invaluable way to protect your account from someone who has stolen your password, but there’s an inherent wrinkle built into the system: SMS. Most 2FA setups use text messages to deliver a one-time code sent to your phone, but there can be issues with that system. For one, it requires a cell connection, and for another, texts can be intercepted.
Granted, this is a small window of opportunity for hackers, but Facebook wants to close it all the way. To secure accounts even further, it has begun rolling out support for security keys into its account login protection, eliminating SMS from the equation and letting users lock down their accounts with a fast, foolproof 2FA method. And for Android users with one of the newer NFC-capable phones, it’s even easier.
“Starting today, you can register a physical security key to your account so that the next time you log in after enabling login approvals, you’ll simply tap a small hardware device that goes in the USB drive of your computer,” Facebook security engineer Brad Hill wrote in a post. “Your login is practically immune to phishing because you don’t have to enter a code yourself, and the hardware provides cryptographic proof that it’s in your machine.”
If you have an NFC-equipped Android phone, you can use a YubiKey Neo to instantly authenticate your Facebook account.
Since it’s a new feature, it only works with the latest version of Chrome or Opera on a PC, and isn’t yet supported by the mobile Facebook app. However, as Hill writes, if you have an NFC chip in your Android phone, you can download the latest version of Chrome and Google Authenticator in the Play Store to use your key to wirelessly unlock your account.
Yubico’s security keys start at $18, but the NFC-equipped YubiKey Neo costs $50. However, they aren’t just useful for Facebook. Security keys work with a variety of accounts, including Google, Dropbox, and GitHub, though the implementation may vary, especially over NFC.
The impact on you at home: Securing online accounts should be a top priority for anyone who posts and shares personal information over social media or email (which is pretty much everyone), but far too few people understand just how important it is. While it’s unlikely that this method will have an immediate measurable effect on Facebook users, it’s a glimpse at how serious the social media giant is about security, and how two-factor authentication could become much more commonplace in the future.