Social media has always been a playground for hackers. As we’ve seen from countless examples, Facebook especially has faced its fair share of high-profile security incidents involving public figures. To mitigate this, the Mark Zuckerberg-led corporate giant instituted 2FA through SMS for the Facebook app. As I have discussed in the past, however, SMS verification has numerous issues and is not regarded as highly by the cybersecurity world today.
Facebook’s security team has noticed this and announced an alternative. In a blog post entitled “Security Key for safer logins with a touch,” Facebook said it would allow users to “register a physical security key… so that the next time you log in after enabling login approvals, you’ll simply tap a small hardware device that goes in the USB drive of your computer.”
The post further states that only keys with the ability to support the Universal 2nd Factor (U2F) standard from the FIDO Alliance are accepted. As this is the case, there is a slight limitation as to which users will actually be able to utilize the key 2FA method. Currently, according to Facebook security, only “the latest version of Chrome or Opera” is accepted for browsers, and, additionally, there is no security key for the mobile Facebook app. The one workaround for the mobile issue is applicable to Android users. As Facebook states, “if you have an NFC-capable Android device with the latest version of Chrome and Google Authenticator installed, you can use an NFC-capable key to log in from our mobile website.”
There was some criticism in the comments section of the post related to the limitations of who and what can utilize the new security key 2FA method. In response, Facebook responded by stating they are “looking forward to enabling this feature for other browsers as soon as possible,” further adding that “Firefox is already working on support for U2F, and it’s our hope that the Web Authentication API that’s in progress at the W3C will bring even broader reach for security keys.”
While Facebook has a muddy history in terms of privacy and proper security, it is nice to see the company taking more steps to protect its users. From the ability to use end-to-end encryption in Facebook Messenger to this security key addition, it appears that Zuckerberg’s brain child is heading in a better direction.