Congratulations, you have a U2F YubiKey! So how do you set it up to protect your Facebook account? Follow these instructions and you’ll be protected with the simplicity of YubiKey two-factor authentication in no time!
- Latest version of Google Chrome browser (or at least version 38) or Opera browser
- A FIDO U2F Security Key by Yubico, YubiKey 4, YubiKey 4 Nano, YubiKey 4C, YubiKey NEO*, or other Yubico U2F-enabled YubiKey
- A Facebook account
*YubiKey NEO requires firmware version 3.3 or later (available since October 2014)
Setting Up Your Facebook Account
1. In Google Chrome or Opera, log in to Facebook.
2. Click the arrow at the top right, and then click Settings.
3. In the Security Settings page, in the left pane, click Security.
4. Next to Login Approvals, click Edit.
5. Under Code Generator, click the link to set up a third party app to generate codes.
6. Scan the QR code with the authenticator app that you use to generate codes (or enter the secret key manually, if required).
7. Once the credential is added to your authenticator app, return to Facebook in your browser and enter the current 6-digit code generated by the app in the Security code field, and then click Confirm.
8. Next, you are going to add your YubiKeys. Still in Login Approvals, under Security Keys, click Add Key, and then click Continue.
9. Insert your YubiKey into a USB port of your computer (if it isn’t already inserted), wait for the YubiKey to blink, and tap the YubiKey.
10. Enter a name for your YubiKey, and then click Continue.
11. Click Done.
12. If you have additional YubiKeys to register, repeat steps 8-11 until all devices are registered.
13. Next, you are going to enable two-factor authentication, so that you can use your YubiKeys. Still in Login Approvals, next to the message "Two-Factor Authentication is currently disabled", click Enable.
14. You are prompted with the option "For the next seven days, do not require a second factor to disable two-factor authentication". This option is checked automatically. For greater security, we recommend that you uncheck this option. With the option unchecked, anyone who wants to disable two-factor authentication must first pass a form of two-factor authentication. This ensures that someone who gains access to your account cannot simply change or disable your security settings.
15. Click Enable.
16. Click Close.
17. You can now log out of your Facebook account and log back in to confirm that two-factor authentication is enabled.
Note: For better security, we recommend removing your phone number to stop receiving text messages (SMS) for login approvals. You can replace it by adding both a security key and Code Generator to your Facebook account.
Logging in to Your Facebook Account
Logging in to your Facebook account with your YubiKey is refreshingly simple.
- On the Facebook login page using Chrome or Opera, enter your Email or Phone, Password, and click Log In.
- In the Two-Factor Authentication Required screen, make sure your registered YubiKey is inserted and the light is flashing, and then tap it.
- In the Remember Browser screen, choose if you want to save this browser so you don’t have to authenticate the next time you log in.
Congratulations! Your Facebook account is now secure with Yubico two-factor authentication!
Using YubiKey NEO with NFC?
After you have set up your YubiKey NEO, you can use it to log in on your Android device. For information on how to use your YubiKey NEO with Facebook on Android, see our how-to guide.
No U2F-Enabled YubiKeys?
Here is a one-time password solution for Facebook that works with YubiKeys that do not currently support U2F. It relies on a free application called Yubico Authenticator (that works on the Windows, Mac, or Linux operating systems) to generate time-based authentication codes.
Running Microsoft Internet Explorer or Mozilla Firefox?
Mozilla is currently building support for U2F and Microsoft is working within the FIDO Alliance to bring support to Windows 10. But for now, you can use Yubico Authenticator, described above, for YubiKey two-factor authentication if your browser isn’t Google Chrome or Opera.