Facebook joins online services like Google, Dropbox, Salesforce, and GitHub in enhancing user logins with hardware security keys to help prevent attackers from breaking into user accounts. Google and Facebook are among the largest names supporting universal second factor (U2F), and it’s taking way too long for other companies to do the same.
Many online sites and services, Facebook included, already let users turn on two-factor authentication to secure accounts with something stronger than a password alone. However, the decision to support FIDO-compliant U2F keys takes the security mindset a step further.
With U2F, Facebook relies on the cryptographic token stored on the USB key plugged into the user’s computer for authentication. There’s no need to send one-time passwords over SMS or to generate them on a mobile app. Because the token can’t be intercepted by malware or captured through phishing, user accounts are more resistant to hijacking.
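The phishing resistance described above comes from what the key signs. The following Go sketch is an added example, not code from Facebook or from the article, and it models a U2F login to show a response produced on a look-alike site failing at the real service. Assumptions: the origins and challenge are constructed, the appID is taken to equal the origin, one key pair is used for every site (real keys use a per-site key handle), and the counter is fixed at 8.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// digest hashes the U2F authentication message the key signs:
// SHA-256(appID) || user-presence byte || 4-byte counter || SHA-256(clientData).
func digest(appID string, ctr uint32, clientData []byte) []byte {
	app, cd := sha256.Sum256([]byte(appID)), sha256.Sum256(clientData)
	msg := append(app[:], 1, byte(ctr>>24), byte(ctr>>16), byte(ctr>>8), byte(ctr))
	sum := sha256.Sum256(append(msg, cd[:]...))
	return sum[:]
}

// verify is the relying party's check of one login response.
func verify(pub *ecdsa.PublicKey, rp, chal string, ctr uint32, raw, sig []byte) error {
	var cd struct{ Challenge, Origin string }
	if json.Unmarshal(raw, &cd) != nil || cd.Challenge != chal {
		return errors.New("challenge mismatch")
	}
	if cd.Origin != rp {
		return errors.New("origin mismatch")
	}
	if !ecdsa.VerifyASN1(pub, digest(rp, ctr, raw), sig) {
		return errors.New("bad signature")
	}
	return nil
}

// demo: a genuine login, a login relayed from a look-alike origin, and the same relay with the origin rewritten.
func demo() (legit, phished, tampered error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // private half stays on the USB key
	const rp, fake, chal = "https://rp.example", "https://rp-login.example", "bm9uY2U" // constructed values
	// cd is the client data the browser writes, so the page cannot choose the origin.
	cd := func(o string) []byte { return []byte(fmt.Sprintf(`{"challenge":%q,"origin":%q}`, chal, o)) }
	login := func(seen, claimed string) error { // seen: page the user is on; claimed: origin shown to the RP
		sig, _ := ecdsa.SignASN1(rand.Reader, key, digest(seen, 8, cd(seen)))
		return verify(&key.PublicKey, rp, chal, 8, cd(claimed), sig)
	}
	return login(rp, rp), login(fake, fake), login(fake, rp)
}

func main() { fmt.Println(demo()) }
```

Unlike a one-time password, which is valid wherever it is typed, the signature only verifies for the origin the browser actually saw, so relaying it to the real service yields nothing usable.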
Source: Infoworld.com | Security