It's still not mandatory to set up multifactor authentication on Facebook, but the social media giant today announced it now supports Universal 2nd Factor (U2F) standard-based hardware security keys as an extra layer of security for user accounts.
Users must purchase the keys from hardware vendors.
"Starting today, you can register a physical security key to your account so that the next time you log in after enabling login approvals, you'll simply tap a small hardware device that goes in the USB drive of your computer. Security keys can be purchased through companies like Yubico, and the keys support the open Universal 2nd Factor (U2F) standard hosted by the FIDO Alliance," said Facebook security engineer Brad Hill in a post today.
Two-factor authentication long has been considered a best practice for online user accounts, but it's not in widespread use. Hardware-based key fobs are considered more secure than 2FA using SMS text messages, for example, which can be hijacked via man-in-the-middle attacks.
The move is a big win for the FIDO standard. "Today we cross a major milestone in the growth of the FIDO ecosystem as Facebook endorses FIDO authentication standards by making this capability available to its billions of users," said Brett McDowell, executive director of the FIDO Alliance.