Facebook gets physical for safer logins
Facebook has been offering the two factor authentication login option for a while now, and is now trying to make its use easier than ever before.
“Most people get their security code for login approvals from a text message (SMS) or by using the Facebook app to generate the code directly on their phone. These options work pretty well for most people and in most circumstances, but SMS isn’t always reliable and having a phone back-up available may not work well for everyone,” Facebook security engineer Brad Hill explained, and announced that, from now on, users can register a physical security key to their account.
So, instead of entering a confirmation code after entering the password, users can simply tap their physical security key, and they’re in.
Aside from making the login process faster and easier, the option offers protection against phishing attacks, as you don’t have to enter a security code, and phishers have no way of getting your security key.
Also, the security key can be used for two-factor authentication schemes offered by other online services (Google, Dropbox, GitHub, etc.).
Using a security key with your Facebook account
Instructions on how to add a security key to your account can be found here, but you have to know there are some limitations for its use.
It currently works only with certain web browsers: the latest version of Chrome or Opera. “At this time we don’t support security key logins for our mobile Facebook app, but if you have an NFC-capable Android device with the latest version of Chrome and Google Authenticator installed, you can use an NFC-capable key to log in from our mobile website,” Hill also pointed out.
So, you’ll still need to set up an alternative login approval method, just in case.