Facebook adds support for Security Keys on iOS and Android
Unlike other two-factor authentication methods, using a hardware security key means the user has to insert the key when you login, effectively rendering password hacking useless.
Account fraud is a huge problem, and keeping users accounts secure is one of the top priorities of every large tech company today. Companies (like Microsoft and Google) are already focusing on allowing users to sign in with additional hardware tools like security keys, and Facebook just extended that support to iOS and Android devices.
In an update to its blog on Thursday, the company said that it was adding support for physical security keys - like YubiKeys, as a form of two-factor authentication, to prevent attackers from trying to get into your account, even if they manage to get a hold of your password.
Facebook actually added support for logging in with the help of security keys all the way back in 2017, but you could only do so on desktops and laptops running a modern browser like Chrome. If you wanted to log on to your mobile devices, there was simply no way to use a security key.
There are various options for users who want to use two-factor authentication, such as receiving a One Time Password (OTP) via SMS or using an app like Authy or Google Authenticator, but these can all be gamed by hackers who can use social engineering to trick people into giving up these codes.
Unlike these methods, a security key is something that has to be inserted into the device you are signing on to - or tapped on the back using Near Field Communication (NFC) in order to authenticate, which makes it a lot more secure as the attacker would have to convince you to connect your key to their device to compromise your account. Here's how you can set one up right away.
“Since 2017, we've encouraged people that are at high risk of being targeted by malicious hackers: politicians, public figures, journalists and human rights defenders. We strongly recommend that everyone considers using physical security keys to increase the security of their accounts, no matter what device they use,” the company said on its blog.