Skip to main content

Keep your Facebook account safer with a physical USB key or NFC-enabled phone

facebook security key by yubico
Image used with permission by copyright holder
Facebook has joined the likes of Google and Dropbox with support for physical security key authentication on PC, as well as NFC-capable Android mobile devices. The social media giant has announced it now offers an alternative security measure to two-factor authentication that users can employ starting today, provided they have the necessary hardware, like a Yubikey.

On PC, the process of logging into Facebook this way is as simple as plugging a USB key into your computer and tapping on it after you’ve entered your password. The latest versions of the Opera or Chrome browsers are required to add a key to an account. On Android, you’ll need to have Google Authenticator installed, along with a device and key that both support NFC. The mobile app does not currently support security key login, however, so for the time being, opening the webpage in Chrome is the only option.

At left, the security settings screen on PC. At right, the same screen viewed in Chrome on Android. Facebook

Facebook security engineer Brad Hill stipulated the benefits of physical authentication in a post on Facebook. The company’s implementation relies on the FIDO Alliance’s open Universal 2nd Factor standard already put in practice by a wide variety of companies and services, including Bank of America, Salesforce, GitHub, and Samsung Pay. This means the same key you use to log into Facebook will be interoperable with many other accounts as well.

What’s more, a physical key is a foolproof deterrent against phishing, because it doesn’t require the user to enter a code. “The hardware provides cryptographic proof that it’s in your machine,” Hill explains.

The only potential roadblock for Facebook users or companies looking to further secure their accounts on a PC is that many new ultraportable notebooks — including Apple’s MacBook and MacBook Pro — infamously lack USB Type A ports, the standard format by which most security keys operate. There is a dearth of USB-C-compatible keys on the market right now, though that should soon change. Yubico has announced it will begin selling one in February, which makes Facebook’s news rather well-timed.

Editors' Recommendations

Adam Ismail
Former Digital Trends Contributor
Adam’s obsession with tech began at a young age, with a Sega Dreamcast – and he’s been hooked ever since. Previously…
Your iPhone can now act as a physical Google security key
Google account security

A year after introducing it for Android phones, Google has today announced that iPhones can now function as physical two-factor security keys for logging into the company’s own services like Gmail in Chrome. This authentication method is a lot more secure than the two-factor prompt you’re likely used to, as it requires your iPhone to be physically in the computer’s proximity.

Two-factor authentication adds an extra layer of security to your accounts. However, SMS and internet-based two-factor processes have been in the past failed to prove as secure as one would hope for. Google’s solution for that takes advantage of your phone’s Bluetooth to turn it into a dedicated security key and ensures you’re physically authenticating the login.

Read more
Don’t be like Pierre Delecto. Here’s how to keep your Twitter account a secret
Mitt Romney

On October 20, the Atlantic published a profile on Mitt Romney, in which the Utah Senator admitted to having a secret Twitter account. Slate’s Ashley Feinberg, who had previously unmasked James Comey’s anonymous Twitter, quickly went to work and identified Romney as tweeter Pierre Delecto.

Far be it from me to make Feinberg’s sleuthing more difficult, but the two had some commonalities that helped her track down their accounts. If you’re in the public eye but want to keep some social media private, here are some tips to keep it secret.
Don’t follow your relatives 
This was Romney’s biggest mistake. It was by investigating his granddaughter’s nearly 500 followers that Feinberg was able to find Pierre Delecto, and from there, the evidence only piled up. “The Pierre Delecto account’s very first follow was eldest Romney scion Tagg,” according to Feinberg. She traced James Comey through similar means. Trail of breadcrumbs, thy name is the family follow.
Do follow a mix of people 
Delecto did follow a number of late night hosts (no Stephen Colbert, though) but mostly stuck to politicians, pundits, and reporters. But this is your secret identity! Maybe take the opportunity to learn about a new field. Cheese Twitter, historian Twitter, teacher Twitter, branch out and learn something new. Also, part of why Feinberg was able to discover Comey’s identity is he followed the College of William &  Mary, his alma mater. Maybe if he’d followed a few more colleges, it would’ve muddied the water a bit.

Read more
The FBI wants to get its hands on your Facebook, Twitter, and Instagram data
FBI Investigation

The FBI is looking for a partner to collect data from your social media profiles, which could pit it against new privacy policies Facebook agreed to as part of its $5 billion settlement with the Federal Trade Commission (FTC). 

A request for proposal posted on Aug. 8 reveals that the FBI wants to hire a third party contractor to help it scrape to social media data "to proactively identify and reactively monitor threats to the United States and its interests.” The document was first reported by the Wall Street Journal.

Read more