Facebook accounts can now be secured with a physical USB key
Facebook has introduced a new login authentication mechanism that allows user accounts to be secured with a physical USB key. Securing accounts with a physical key is one of the best ways that consumers can take control of the security of their accounts.
However, not just any USB can be converted to a USB key required for Facebook login authentication. Keys that support the U2F standard are supported as of now, and users will have to get one of to use the physical USB key security feature on Facebook.
The U2F standard has been developed by Google and Yubico, hosted by an industry consortium created specifically for overseeing the specifications of an open authentication system known as the Fido Alliance. U2F provides strong two factor authentication using public key cryptography. There are a number of U2F keys available in India. The FIDO U2F Security Key from HyperFido has a tiny form factor, and is available for Rs 1,482. The YubiKey Tricolour Pack from Yubico has three USB keys in the colours of the Indian flag, and is available for Rs 5,000.
The keys can only be used to authenticate Facebook logins on the Google Chrome and Opera browsers. Firefox is working to add U2F support to the browser. The physical security option is, for the most part, only available to desktop users. U2F keys with NFC tags can be used to authenticate Facebook logins from select Android devices that have NFC capabilities. The latest version of Chrome and Google Authenticator have to be installed on the device for U2F keys to work. In the security settings menu, under login approvals, users can add a number of physical USB keys to authenticate logins.
The additional safety feature is particularly useful for sensitive accounts such as activists, social workers and government officials. Sensitive accounts being compromised can lead to far reaching repercussions that can affect groups or communities of people instead of just one individual. Regular users can secure their accounts with two factor authentication, where a code is sent via SMS to the mobile phone of the person. The USB security key can be used for people with spotty SMS coverage, or when using a mobile phone is not an option.
The physical security key prevents digital attempts to compromise accounts, such as social engineering or phishing scams. The USB key provides cryptographic proof that the intended user is accessing the account. The login process is simple, the button on the USB keys have to be pressed on login, and the physical verification is done. The same key can be used to authenticate access to GitHub, Salesforce, Gmail and DropBox. Logging in to other services is secure, as the key itself does not keep track of where it has been used.