Facebook Becomes The Latest Major Company To Support U2F Security Keys
The Universal 2nd Factor (U2F) standard designed by the Fast Identity Online (FIDO) Alliance gained Facebook as another important supporter.
Google became the first major technology company to embrace the U2F second-factor authentication standard, in its Chrome browser. Since then, other players like GitHub, Dashlane, and more recently Dropbox have also implemented U2F authentication because of its security benefits and ease of use.
U2F Security
U2F relies on a USB hardware token, often called a security key, instead of codes sent via SMS or generated by mobile apps. The U2F token uses public key cryptography and operating system or browser-level APIs to identify you to the service you’re trying to access. The private key stays on the token, while the public key is sent to the company’s server, which allows you to access the service. This makes two-factor authentication much easier to use.
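The key handling described above, as an added example that is not code from the article, Facebook or the FIDO Alliance: a simplified Node.js model of U2F registration and sign-in. It goes slightly beyond the article by including the site identity, usage counter, challenge and origin that the token's signature covers in the real protocol; the message layout, the names `Token`, `signedBytes`, `verifyAssertion` and `demo`, and the `example.test` origins are assumptions made for illustration.

```javascript
// Added illustration: simplified model of U2F, not the real wire format.
// Token, signedBytes, verifyAssertion and demo are hypothetical names.
const crypto = require("node:crypto");
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Bytes covered by the signature: site identity, usage counter, client data.
function signedBytes(appId, counter, clientData) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([sha256(appId), ctr, sha256(clientData)]);
}

class Token {
  constructor() { this.keys = new Map(); this.counter = 0; }
  // Registration: a fresh P-256 key pair per site; only the public key leaves.
  register(appId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
    this.keys.set(appId, privateKey);
    return publicKey;
  }
  // Sign-in: the private key signs inside the token and is never exported.
  sign(appId, clientData) {
    const privateKey = this.keys.get(appId);
    if (!privateKey) throw new Error("no key registered for " + appId);
    const counter = ++this.counter;
    return { counter, signature: crypto.sign("sha256", signedBytes(appId, counter, clientData), privateKey) };
  }
}

// Server: stores only the public key and the last counter value it accepted.
function verifyAssertion(publicKey, appId, challenge, lastCounter, assertion) {
  const expected = JSON.stringify({ challenge, origin: appId });
  return assertion.counter > lastCounter &&
    crypto.verify("sha256", signedBytes(appId, assertion.counter, expected), publicKey, assertion.signature);
}

function demo() {
  const appId = "https://example.test"; // constructed sample origin
  const token = new Token();
  const publicKey = token.register(appId);
  const challenge = crypto.randomBytes(32).toString("hex");
  // The browser builds the client data from the origin it is actually showing.
  const genuine = token.sign(appId, JSON.stringify({ challenge, origin: appId }));
  const other = token.sign(appId, JSON.stringify({ challenge, origin: "https://other.test" }));
  return {
    genuine: verifyAssertion(publicKey, appId, challenge, 0, genuine),
    wrongOrigin: verifyAssertion(publicKey, appId, challenge, 0, other),
    replayed: verifyAssertion(publicKey, appId, challenge, genuine.counter, genuine),
  };
}
console.log(demo());
```

The server accepts only the response signed over its own challenge and origin with a counter higher than the last one it saw; a response produced on a different origin, or a replay of an earlier response, fails verification.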
As we’ve mentioned before, because U2F isn’t that popular yet, virtually all services that have implemented it so far have also required users to add a phone number or use an authenticator app such as Google Authenticator or Authy. This can reduce the security strength of the U2F protocol to that of SMS or the authenticator app.
Facebook seems to ask for an SMS or authenticator app to be used as backup as well. However, it also allows users to save a list of pre-generated Recovery Codes that people can manually enter when requested, if they ever lose their security key. This would allow users to maintain the high security level of the U2F authentication method, as long as the codes are printed and stored in a safe place, not just saved as an image on their PC’s desktop.
Facebook U2F Support
Facebook’s U2F authentication is only supported in Chrome and Opera (which is based on Chromium) right now. Mozilla has promised U2F support for late 2016, but it looks like it has been delayed. Mozilla also plans to adopt a sister FIDO protocol that would allow users to replace their passwords, too, with a similar solution to U2F that uses public key cryptography. Microsoft’s Edge browser is expected to gain support for U2F in the first part of 2017.
Facebook said that U2F isn’t supported in its mobile app yet, but if users have an NFC-capable Android device and security key as well as Google’s Authenticator app, they could use them to authenticate via U2F to the mobile Facebook website.
dabeargrowls: lol...ya, I want to plug things in my phone or tablet. People prefer something easy. I use google authenticator two factor and I don't have to find my dongle or a converter to plug it in.