Facebook is now allowing its users to secure their accounts using a physical security key as part of two-factor authentication (2FA), which introduces an additional means of security on top of, typically, a password. The new process can be used on both iOS and Android devices. It’s pretty straightforward but may require some pointers for those unfamiliar with security keys and 2FA.
USB key fobs aren’t just used as flash drives for storing files but can be used as a means of physically unlocking and securing digital accounts. They can work as a sole means of authentication but are typically used in conjunction with a password as an additional layer of security and are faster and more secure than alternatives like authenticator apps or verification via SMS. Facebook already offers such a feature for desktop users, but it only offered more basic two-factor authentication methods for mobile users.
Now, though, Facebook is encouraging mobile users to start taking advantage of its new physical security key support to avoid account breaches. To do so, users will need to buy a key. Facebook does not make security keys itself, so users will need to invest in one from a third party like Yubico or Google.
Using Physical Security Keys With Facebook
Once users have a security key, they first have to visit the Settings menu on their Facebook app. From here, they have to tap on ‘Security and Login’ and then ‘Two-Factor Authentication.’ Users can find the ‘Security Key’ option at the bottom of that page, under the ‘Select a security method’ section, and Facebook will then walk them through the setup process.
Of course, two-factor authentication still has some weaknesses and the same goes for security keys since not all of them are created equal. It pays to know which type of security key users will be using on the app as it’s first necessary to specify how keys function before they can be registered. Some keys come with a physical button that needs to be pressed before Facebook can recognize them, while others, such as those that use NFC, just need to be near the mobile device during the registration process.
At the moment, USB security keys can only be used with Facebook as part of 2FA, meaning users cannot unlock their account using the key alone and that they still need to remember their other account credentials. Maybe one day, though, Facebook will take a page out of Twitter’s book and allow security keys to be the sole means of unlocking an account. This would mean users could finally forego the need to remember a password.
More: How To Enable Two-Factor Authentication For Google Account
