Facebook Upgrades Login Security for 1.79 Billion Users

Facebook HQ

Joint Research from Yubico and Google Using Physical Security Keys to Log Into Accounts

Facebook has upgraded the login security for its 1.79 billion users by integrating the unphishable protection of the FIDO U2F (universal 2nd factor authentication) Security Key into its social platform.

This means Facebook users, from individuals to the largest organisations, can have peace-of-mind knowing their account is safe and protected with a simple touch of YubiKey, a physical Security Key protecting their Facebook profiles.

All the services accessed by logging in with Facebook accounts are protected as well. The same Security Key can be used for logging in to the growing list of services supporting U2F, including Google, Dropbox, GitHub, Salesforce and many more.

Recent security threats have shown that mobile push apps and SMS based authentication do not offer enough protection against the latest sophisticated phishing and man-in-the-middle attacks.

Users who have a U2F-supported YubiKey can go into their Facebook security settings and set it up. Once a key is registered and authenticated with a Facebook account, users don’t need to use the key again to log in to Facebook on that device until they clear the browser’s cache.

Facebook considers the device as “trusted” for convenience. Login attempts from another device will be blocked unless they also happen to have the password and the physical key.

“We’re excited to offer security keys as an additional option to make login to Facebook even more secure. We’re grateful to Yubico for the support and feedback they’ve provided,” said Brad Hill, Facebook Security Engineer.

Yubico and Google co-created U2F with the vision to deliver easy-to-use, strong public key cryptography for internet scale. Published free for clients and servers, FIDO U2F offers a secure link between the user and the services they connect to. It’s an open standard, not controlled by governments or corporations – users take control over their own security and internet privacy.

study on internal and external Security Key usage by Google validates that U2F is one of the most secure, easy to use, and cost-efficient authentication technologies. And as users can have multiple affordable backup keys, support calls have been significantly reduced compared to phone authenticators.

Historically, strong authentication has been tied to users’ real identities or a central service provider. Yubico’s CTO, Jakob Ehrensvard, introduced the concept of an authenticator that works across any number of services, with no shared secrets. This allows users to be anonymous, and have multiple, yet secure identities. Today, U2F and YubiKeys are used to protect the privacy of individuals and organisations in 160 countries.