Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Facebook Strengthens User Account Access with Security Keys

    By
    Sean Michael Kerner
    -
    January 26, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Facebook Security Key

      Facebook announced on Jan. 26 that it is supporting Security Key technology, based on the FIDO Alliance Universal 2nd Factor (U2F) standard, in an effort to improve security and reduce the risk of user account takeovers.

      With an increasing volume of data breaches that have leaked user passwords, the need for strong authentication methods, beyond just a simple username and password, has become increasingly apparent. Facebook has had a optional feature called Login Approvals since May 2011, providing users with a one-time code via an application or SMS message, that is required in order to log into an account.

      The new U2F support goes a step further, providing the option for Facebook users to use a USB security key that is plugged into a device, in order to gain secure access. The U2F standard was first announced by the FIDO (Fast Identity Online) Alliance in December 2014 as a method to help improve strong authentication. With a U2F security key, a user does not need to wait for an SMS message or a code from an application, either of which could potentially be intercepted by an attacker.

      With the new U2F Security Key support, Facebook will now join multiple other large organizations that have adopted the technology.

      “It’s very similar to all the internet services that have support for FIDO U2F, including Google, Dropbox, Salesforce, GitHub, and gov.UK,” Stina Ehrensvard, CEO and Founder, Yubico, told eWEEK.

      Yubico is one of the main contributors to the U2F standard and sells security keys that can be used by Facebook users. While Facebook is now embracing U2F, the company is not a member of the FIDO Alliance.

      “Facebook is not a member of the FIDO Alliance, but I participated there previous to joining Facebook,” Brad Hill, Security Engineer at Facebook, told eWEEK. “We didn’t specifically work with Yubico to enable this from a product perspective, but they provided valuable feedback on our implementation and have supported our announcement.”

      Hill added that while Facebook is now supporting U2F, the social networking site will continue to support Login Approvals, with codes delivered over SMS or from a code generator app. Additionally, he noted that Facebook’s mobile apps have a built-in code generator feature. Alternatively, individuals can use any third-party app supporting the Time-Based One-Time Password (TOTP) standard, such as Duo or Google Authenticator.

      While Facebook has supported multi-factor authentication since 2011, it’s unclear how many users take advantage of the capability.

      “We don’t have numbers to share about adoption, but we hope that providing additional options like Security Key will help make two-factor features more convenient for people,” Hill said.

      When the popular GitHub online code development site decided to support U2F in 2015, it helped to advance adoption by giving away Yubico Security Keys at its developer conference. Facebook also is taking steps to help get Security Keys into its users’ hands.

      “We’re starting by letting people know where they can get these keys,” Hill said. “At the upcoming Enigma Conference in Oakland next week, we plan to give out some keys as well.”

      Google is among the earliest large adopters of U2F and in December 2016, the company released a two-year research study about Security Key usage. The study concluded that Security Keys contribute to improved security as well as lower costs.

      Facebook has its own expectations for U2F adoption and how it will help to improve security.

      “There is no one-size-fits-all solution for the nearly 1.8 billion people who connect through Facebook, and all the diverse ways they use our platform,” Hill said. “It is important to provide a variety of options so that everyone can access the tools that are right for them to feel confident and in control of their account security.”

      “We hope that people will find Security Keys a convenient way to make their online lives more secure, not just on Facebook, but also at other services like Google and Dropbox,” he said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×