Facebook Introduces Physical Keys (FIDO U2F) as Security Standard

Today, January 26, Facebook announced that it has introduced ‘physical keys’ (i.e. USB keys) as an option for two-factor authentication. Google introduced this two years earlier.

A few years ago, Google, Facebook and many other companies introduced two-factor authentication, which lets users add an extra security measure to avoid losing their account if their password is stolen. This extra layer requires the user, when signing in from a new computer or IP address, to enter an authentication code that is regenerated regularly by an app (e.g. Google’s Authenticator for Google accounts).

The idea of a physical key is that even if your account password is stolen, it will be hard to access your account. It is also harder to defeat than software-only (i.e. not physical) two-factor authentication, because stealing the key requires physical access to it, provided that you take good care of protecting it.
To use it, the user signs in with their password as usual, plugs in the USB key (which can be bought and used with many services), and taps it.

Moreover, the Facebook security team said that this currently works with the latest Chrome and Opera browsers but not yet with Firefox. They said that U2F support doesn’t exist in the Firefox browser, but that they are working on an official one. However, Firefox version 50 already has it; it just needs to be enabled. To enable it, go to about:config (careful here!) and search for and enable the following (source):

security.webauth.u2f
security.webauth.u2f_enable_softtoken

Of course, it is disabled for a reason: it is still in the development/testing phase.

Another option is to install the User Agent Switcher and U2F add-ons. The former lets you mislead websites (here, Facebook) about which browser you’re using; you will want to switch to Chrome or Opera. The latter is an open-source add-on.

Source: Facebook Security team
