Facebook Launches NFC-Based Two Factor Authentication Process for Added Security
Facebook has announced a new feature called ‘Security Key’ for two-factor authentication while logging on to the social media website, that does not need an SMS to be sent. The social media company has declared that it will now support FIDO U2F security key, which is a physical key that is plugged in a USB-port on a computer and tapped to confirm login along with the password.
Security keys work as part of Facebook’s two-factor authentication system, which adds a second layer of defense in case a user’s password is conceded. Usually, that second factor is a string of numbers sent over text or an onboard app, but the security key makes it a physical device, a smart USB drive implanted into the computer whenever we log in. To make it work, we’ll have to buy a device and carry it with us at all times, usually on a keyring, but the end result is easier and faster than waiting for a code over SMS. A number of services already support security keys under the FIDO specification, including Dropbox, Google, and GitHub.
The social networking giant presently offers 2FA via a security code for login approvals from a text message (SMS) or by using the Facebook app to produce the code directly on their phone. Now, Facebook has announced a new security key system that can transmit data via NFC to help log into the social media site through a physical key. This means that NFC-embedded Android devices can now use NFC-capable keys to log into Facebook's mobile site.
Apart from NFC logins, Facebook presented the traditional security key system as an added option for 2FA. This means that we can register a physical security key to our account so that the next time we log in after enabling login approvals, we'll simply tap a small hardware device that goes into the USB drive of our computer. This again has support only for the Web browser. Furthermore, we'll need to be using the latest version of Chrome or Opera to add the Security Key from your computer.
With all these shortcomings, it is unlikely for this feature to be implemented widely, but it's still a testimony of the things to come in the future. With the advent of a hardware part being essential for logging in to Facebook, the potential of an exploit becomes negligible.
Facebook is the first major platform to support the NFC system, although obtainability is still spotty. It’s only accessible on Android, and users will have to log in through the mobile site rather than the app itself. The setup also needs the most recent version of the Google Authenticator app. “Right now the APIs to do this are still pretty new,” Hill explains. “There aren’t native APIs yet in Android for an app to take advantage of.”
The resulting system is unlikely to be widely used, but it’s a glimpse of what two-factor protections could look like on a mobile device, a future that Hill and others at Facebook seem eager to reach. “We’re looking forward to other methods like Bluetooth,” says Hill.
Using security keys for two-factor authentication has a number of benefits:
1. Our login becomes protected to phishing because we physically don’t enter a code our self, instead of the hardware providing cryptographic proof.
2. Security keys supporting U2F will not just work for Facebook accounts, but can also care online accounts of GitHub, Dropbox, Google, Salesforce, and others.
3. Logging in becomes fast and simple on our desktop, thanks to just a tap on the key after you enter our password.
“Security keys for Facebook logins currently only work with certain web browsers and mobile devices, so we’ll ask you to also register an additional login approval method, such as your mobile phone or Code Generator.To add a security key from your computer, you’ll need to be using the latest version of Chrome or Opera. At this time we don’t support security key logins for our mobile Facebook app, but if you have an NFC-capable Android device with the latest version of Chrome and Google Authenticator installed, you can use an NFC-capable key to log in from our mobile website,” the Facebook team said on the blog.