Security Keys are based on FIDO U2F, using public key crypto and with native support in the browser. FIDO U2F is developed to protect against phishing and man in the middle attacks. SMS is a commonly-used backup option but is susceptible to both man-in-the-middle and phishing attacks. This is further validated by National Institute of Standards and Technology (NIST), that no longer recommends SMS as highlighted in section in the latest draft of its Digital Authentication Guidelines.

in FacebookFrequently Asked Questions