Facebook adds macOS-compatible USB security keys for cryptographic account security

Posted:
in General Discussion
As part of a security and privacy revamp, Facebook is offering users worried about their privacy and potential account compromises a new authentication procedure, one that relies upon a physical security key to perform extra authentication before an account can be accessed.




Starting today, the social network will support security keys, USB thumb drives that plug into a Mac or PC and use the FIDO Alliance's open Universal 2nd Factor (U2F) standard to provide cryptographic proof of identity. The keys, such as those sold by Yubico, can be registered to an account through the two factor authentication settings in the security menu.

Facebook does already offer two-factor authentication as an extra security measure, with account holders able to use the Facebook app to generate a code or to have one sent in a text message to their phone. While suitable for the majority of users, there is still the possibility of the SMS being intercepted by an attacker, or simply not arriving in a timely manner, making it weaker.

By using the physical security key, Facebook advises the login process with two-factor authentication can be quicker than the other methods, and also effectively makes the account immune to phishing attempts. It is also possible for the key to be reused as proof for other services, including Google accounts and Dropbox, allowing for multiple services to be protected using the same key.




While the additional security is useful, it does have its limitations in terms of compatibility. Safari is not a supported browser, so macOS users will have to use Opera or Chrome to log in using a security key, and it doesn't work when logging in via an iPhone or iPad, requiring mobile users to continue using one of the other two-factor authentication methods.

One small barrier to users is the need to buy a physical key, which for Yubico's supported YubiKeys start from $18 for a basic key, rising to $50 for models with more functions. Some of the more expensive keys also include NFC, which can be used to authenticate with the Facebook mobile site on an Android device, though not currently the Facebook app.

Comments

  • Reply 1 of 8
    irelandireland Posts: 17,584member
    Weird.
  • Reply 2 of 8
    LOL. If a person was really concerned about privacy, they'd not use Facebook!
    bobcat62lostkiwiwatto_cobra
  • Reply 3 of 8
    LOL. If a person was really concerned about privacy, they'd not use Facebook!
    This may be a popular feature for "professional" Facebook users--i.e., companies and celebrities where their Facebook presence is part of their marketing/communication/branding strategy.
    SoliDeelron
  • Reply 4 of 8
    They've not heard of TouchID then!
    watto_cobra
  • Reply 5 of 8
    MplsPMplsP Posts: 1,358member
    These keys put the security at Facebook's end rather than the device end and since most of them are part of 2 factor identification, they're generally more secure than touch ID, but yeah - why is anyone with even the slightest concern about privacy on Facebook?

    Of course these are USB A devices, so they're not compatible with any of the new MacBooks unless you buy a dongle. 
  • Reply 6 of 8
    MplsP said:

    Of course these are USB A devices, so they're not compatible with any of the new MacBooks unless you buy a dongle. 
    That sounds like an assumption rather than a fact, unless you've checked all 300 offerings listed on the FIDO website http://fidoalliance.org/certification/fido-certified-products/
    watto_cobra
  • Reply 7 of 8
    MplsPMplsP Posts: 1,358member
    MplsP said:

    Of course these are USB A devices, so they're not compatible with any of the new MacBooks unless you buy a dongle. 
    That sounds like an assumption rather than a fact, unless you've checked all 300 offerings listed on the FIDO website http://fidoalliance.org/certification/fido-certified-products/
    no - I readily admit that I didn't check every single version of USB key. I was going by the picture published with the article and by the USB key I was issued for my job. IME, these keys are issued by employers or other organizations that run the sites you are accessing (Maybe Facebook is different?) so you get the key they give you and since USB A is the current industry standard, that is what you are most likely to get. 

    Edit - I just took a look at the above web site; I didn't see an ready way to find USB C models but tried doing a search on the site for USB C and got nothing. I also tried a google search and got nothing. Yubico's website does state that it's keys work with a USB C-USB A adapter, though. 
  • Reply 8 of 8
    MplsP said:
    Of course these are USB A devices, so they're not compatible with any of the new MacBooks unless you buy a dongle. 
    I keep telling people not to buy a MacBook Pro because there's no way to plug in an ImageWriter or a modem without a dongle. "You'll never be able to print your AOL email, grandma," I tell her.
    watto_cobra
Sign In or Register to comment.