Facebook Lets You Lock Down Your Account With Physical Security Keys

28 January 2017

Facebook Inc. is giving users a new way to keep their social network accounts secure. On Thursday it announced it was introducing a new form of two-factor authentication that relies on hardware dongles—a physical key—in addition to passwords.

Facebook will use two types—USB security keys you can slide into a laptop and touch to activate, and NFC security keys that can communicate with wireless chips built into certain Android smartphones.

Facebook has long offered two-factor authentication—aka Login Approvals—via randomly generated codes sent to your phone via text message or the Facebook app. Because it requires a phone (or a dongle), the process prevents account access by someone who simply finds out your password.

Privacy experts almost universally recommend using two-factor authentication wherever available—and we’ve been urging users to employ two-factor verification for years now, among other tips to keep you from being hacker bait. Regardless of which type you choose, you definitely should make sure your login approvals are activated.

Facebook has created a guide to what sort of security keys you can buy—for around $15 to $20—and how to set them up. But there are a few important caveats to keep in mind before buying yourself a dongle. Currently, security-key login only works with Facebook’s mobile and desktop websites, not its popular mobile apps. And the NFC option only works with NFC-capable Android handsets, and not Apple Inc.’s iPhones. (These have NFC, but it’s currently reserved for proprietary tech such as Apple Pay.) To use the security keys, you will need the latest Opera or Google Chrome browsers.

Bear this in mind: If you do opt for a dongle, make sure to print out Facebook’s recovery codes, found in Security Settings under Login Approvals. If not, and you lose your dongle, you might get locked out.

Along with this, Facebook redesigned its Privacy Basics pages. The new guide directs users to the same things as before—user controls for login security, privacy and advertising settings, plus Facebook’s “Privacy Checkup.” But the new look is more attractive, and designed to be easier to use, Facebook said.

Source - Wall Street Journal