Many say that if it didn’t happen on Facebook, then it didn’t really happen.
Well, today, a HUGE thumbs up has happened — Facebook has upgraded the login security for its 1.8 billion users by integrating the unphishable protection of the FIDO U2F Security Key into its social platform.
Simply put, this means that Facebook users, from individuals to the largest organizations, can have peace-of-mind knowing their account is safe with a simple touch of a Security Key, like the YubiKey. Picture it: you have a physical key to your car and home, and now you have a physical key protecting your Facebook. This also means all the services that you access with Facebook login are protected too. And the same Security Key can also be used for the growing list of services supporting U2F, including Google, Dropbox, and many more.
The need for two-factor authentication (logging in with something you have and something you know) grows daily as we hear about new breaches and hacked passwords. However, recent security threats have shown that mobile push apps and SMS do not offer enough protection against phishing and man-in-the-middle attacks.
If you currently have a U2F-enabled YubiKey and a Facebook account, you can go into your Facebook security settings and set it up now! You can buy a FIDO U2F Security Key or YubiKey here (or two, as we recommend having a backup). Once a U2F Security Key or YubiKey is registered and authenticated with your Facebook account, you will not need to use your key again to log in on that device until you clear your browser’s cache. Facebook considers your device as “trusted” for convenience. Which means if a hacker attempts to log in to your account from another device, they will be blocked unless they also have your password and your physical Security Key.
With a Security Key, you can remove SMS which will raise your security for all mobile devices. To achieve the strongest level of security for mobile, you can use a YubiKey NEO on Android phones with NFC.
“We’re excited to offer security keys as an additional option to make login to Facebook even more secure. We’re grateful to Yubico for the support and feedback they’ve provided.” said Brad Hill, Facebook Security Engineer.
Yubico and Google co-created U2F with the vision to scale easy-to-use, strong, public key cryptography for all internet users. Yubico developed the first FIDO U2F authenticator, published free and open source code for clients and servers, and we continue to drive this work within open standards organizations, including the FIDO Alliance, and W3C.
A study on internal and external Security Key usage by Google validates that U2F is one of the most secure, easy to use, and cost-efficient authentication technologies. And as users can have multiple affordable backup keys, support calls are greatly reduced compared to phone authenticators.
Historically, strong authentication has been tied to users’ real identities or a central service provider. During the U2F development work, Yubico’s CTO, Jakob Ehrensvard, introduced the concept of an authenticator that works across any number of services with no shared secrets. This allows users to be anonymous, and have multiple, yet secure identities. Today, U2F and YubiKeys are used to protect the privacy of individuals and organizations in 160 countries, including journalists and dissidents at risk.
In a time when security breaches have become a serious threat to our trust in the internet, FIDO U2F offers a secure link between the user and the services we connect to. It’s an open standard, not controlled by governments or corporations — but a simple way for users to take control over their own security and privacy.
Today’s support in Facebook is an important milestone for making the internet safer for everyone.
P.S. It was fun playing the bad guy in the short video above.