How Businesses Can Gain From FB's New “Security Keys”

by CXOtoday News Desk    Jan 30, 2017


Facebook has introduced new security measures for “logging in” thereby allowing account holders to use a physical key to access their social network profile. Security keys are considered to be more effective at preventing phishing attacks and data breaches than two-factor authentication via SMS.

In other words, Facebook now supports the FIDO U2F security key, a physical key that’s plugged into the USB-port on a computer and is tapped to confirm login, alongside a password to open Facebook, a move the company says, makes accounts “immune” to hackers.

Experts often applaud two-factor authentication (2FA), also known as two-step verification, a security process in which the user is provided with two layers of authentication. These authentication factors verify that the claimed user is actually the one who they say they are.  2FA can be differentiated from single-factor authentication (SFA), a security process in which the user provides only one factor — generally a password.

Hackers find it difficult to penetrate the two-factor authentication system as it provides an additional layer of security which makes it difficult to gain access to a person’s devices and online accounts. In this case, knowing the victim’s password alone is not enough to pass the authentication check. The best part is, Facebook is now compatible with security keys. This will ascertain users he has complete control of one’s account, according to a company statement.

From an enterprise perspective, security keys offer a relatively simple way to secure online accounts from malicious activity. As passwords alone are not enough when it comes to internet security, and both companies and individuals continue to rely these passwords, which are prone to hacks with reports of password leaks of major consumer accounts, such as Twitter, LinkedIn and Yahoo.

Read more: Facebook Making Business Communication Easier

As businesses tend to rely on an increasing number of web platforms, making the need to secure and protect data and access all the more critical. Two factor authentication using SMS messages, or better still, applications like Google Authenticator, is still far more secure than using a simple username and password. Using a secure key makes the process faster and more convenient and increases the level of security.

“When you log into Facebook from a new phone or browser, you’ll enter a special security code from your phone in addition to your password. That way, it’s much harder for someone else to access your account, even if they have your password,” security engineer Brad Hill said in a Facebook Security note.

“Now we are taking that account protection a step further with Security Key. Most people get their security code for login approvals from a text message (SMS) or by using the Facebook app to generate the code directly on their phone. These options work pretty well for most people and in most circumstances, but SMS isn’t always reliable and having a phone back-up available may not work well for everyone” he added.

Currently, the feature is only available for Android devices. The login system can be availed through user’s mobile site rather than through the Facebook app and these keys can be used with Google, Dropbox and Salesforce. 

Analysts believe Facebook has indeed made a smart move by adding support for U2F and it would be hugely beneficial if more sites and companies support this form of security going forward.