Facebook introduces security keys for enhanced account protection

Social networking giant Facebook Inc., on Thursday introduced an additional option for account protection. Users can now register a USB-based physical key to their accounts, thus allowing them to login via a small hardware, Brad Hill, a security engineer at Facebook said in a blog post.

Most users access their accounts via two-factor authentication, which requires them to input a security code in addition to a password. The security code is sent via SMS text message or via the Facebook app.

With the new security key, users do not need to generate a code via text message. Instead, they would need to purchase a UBS-powered security key manufactured by companies like Yubico. The security firm's proprietary YubiKey can be inserted in a desktop, laptop or mobile device and users can generate a code from the device. The YubiKey supports U2F, Universal 2nd Factor, an open authentication standard developed by Google and Yubico which allows users to securely access services on a single device. U2F has been adopted by companies such as Dropbox, Salesforce, Gmail, and even the UK government.

Presently, U2F is supported by the FIDO Alliance, an open-authentication industry consortium.

However, the physical security keys for Facebook logins currently only work on certain web browsers like the latest version of Chrome or Opera, and the NFC-enabled Android devices. The Facebook mobile app doesn't support security key logins.