YubiKey & FIDO U2F Protect Facebook Users… Like!

Many say that if it didn’t happen on Facebook, then it didn’t really happen.

Well, today, a HUGE thumbs up has happened — Facebook has upgraded the login security for its 1.8 billion users by integrating the unphishable protection of the FIDO U2F Security Key into its social platform.

Simply put, this means that Facebook users, from individuals to the largest organizations, can have peace-of-mind knowing their account is safe with a simple touch of a Security Key, like the YubiKey. Picture it: you have a physical key to your car and home, and now you have a physical key protecting your Facebook. This also means all the services that you access with Facebook login are protected too. And the same Security Key can also be used for the growing list of services supporting U2F, including Google, Dropbox, and many more.

The need for two-factor authentication (logging in with something you have and something you know) grows daily as we hear about new breaches and hacked passwords. However, recent security threats have shown that mobile push apps and SMS do not offer enough protection against phishing and man-in-the-middle attacks.

If you currently have a U2F-enabled YubiKey and a Facebook account, you can go into your Facebook security settings and set it up now! You can buy a FIDO U2F Security Key or YubiKey here (or two, as we recommend having a backup). Once a U2F Security Key or YubiKey is registered and authenticated with your Facebook account, you will not need to use your key again to log in on that device until you clear your browser’s cache. Facebook considers your device as “trusted” for convenience. Which means if a hacker attempts to log in to your account from another device, they will be blocked unless they also have your password and your physical Security Key.

With a Security Key, you can remove SMS which will raise your security for all mobile devices. To achieve the strongest level of security for mobile, you can use a YubiKey NEO on Android phones with NFC.

“We’re excited to offer security keys as an additional option to make login to Facebook even more secure. We’re grateful to Yubico for the support and feedback they’ve provided.” said Brad Hill, Facebook Security Engineer.

Yubico and Google co-created U2F with the vision to scale easy-to-use, strong, public key cryptography for all internet users. Yubico developed the first FIDO U2F authenticator, published free and open source code for clients and servers, and we continue to drive this work within open standards organizations, including the FIDO Alliance, and W3C.

A study on internal and external Security Key usage by Google validates that U2F is one of the most secure, easy to use, and cost-efficient authentication technologies. And as users can have multiple affordable backup keys, support calls are greatly reduced compared to phone authenticators.

Historically, strong authentication has been tied to users’ real identities or a central service provider. During the U2F development work, Yubico’s CTO, Jakob Ehrensvard, introduced the concept of an authenticator that works across any number of services with no shared secrets. This allows users to be anonymous, and have multiple, yet secure identities. Today, U2F and YubiKeys are used to protect the privacy of individuals and organizations in 160 countries, including journalists and dissidents at risk.

In a time when security breaches have become a serious threat to our trust in the internet, FIDO U2F offers a secure link between the user and the services we connect to. It’s an open standard, not controlled by governments or corporations — but a simple way for users to take control over their own security and privacy.

Today’s support in Facebook is an important milestone for making the internet safer for everyone.

P.S. It was fun playing the bad guy in the short video above.

silly hacker

Talk to our teamTalk to our team

Share this article:


  • Introducing new features for Yubico Authenticator for iOSWe’re excited to share the new features now available for Yubico Authenticator for iOS in the latest app update on the App Store. Many of these improvements aim to address frequently requested features from our customers, while providing additional new functionalities for a seamless authentication experience on iOS.  With increased interest in going passwordless and […]Read moreiOSYubico Authenticator
  • Platform independent digital identity for all Many are understandably concerned that the great invention called the Internet, initially created by researchers for sharing information, has become a major threat to democracy, security and trust. The majority of these challenges are caused by stolen, misused or fake identities. To mitigate these risks, some claim that we have to choose between security, usability […]Read moreDigital IdentityEUDIFounderStina Ehrensvard
  • Q&A with Yubico’s CEO: Our move to the main Nasdaq market in StockholmAs 2024 draws to a close, it’s the perfect time to reflect on the incredible journey we’ve had this year and how it has shaped where we stand today as a company. To mark this moment, I sat down with our CEO, Mattias Danielsson, to look back on the milestones and achievements of 2024—culminating in […]Read moreCEOMattias Danielsson
  • Exploring DORA: A look at the next major EU mandateFinancial institutions have historically managed operational risk using capital allocation, but under EU Regulation 2022/2554 – also known as the Digital Operational Resilience Act (DORA) – the financial sector and associated entities in the European Economic Area (EEA) must also soon follow new rules. These new rules focus on the protection, detection, containment, and the […]Read moreDORAEU