Facebook Inc. is giving users a new way to keep their social network accounts secure. On Thursday, it announced it was introducing a new form of two-factor authentication that relies on hardware dongles – a physical key – in addition to passwords.
Facebook will use two types – USB security keys you can slide into a laptop and touch to activate, and NFC security keys that can communicate with wireless chips built into certain Android smartphones.
Facebook had long offered two-factor authentication – aka Login approvals – using randomly generated codes sent to your phone by text message or the Facebook app. Because it requires a phone (or a dongle), the process prevents account access by someone who simply finds out your password.
Privacy experts almost universally recommend using two-factor authentication wherever available—and we’ve been urging users to employ two-factor verification for years now, among other tips to keep you from being hacker bait. Regardless of which type you choose, you definitely should make sure your login approvals are activated.
So why use a hardware dongle instead of text messaging? Facebook security engineer Brad Hill said in a blog post that it makes sense for people who find SMS text messaging unreliable, and those who don’t always have a mobile phone handy but still want to use the social network securely.
Facebook has created a guide to what sort of security keys you can buy – for around $15 to $20 – and how to set them up. But there are a few important caveats to keep in mind before buying yourself a dongle. Currently, security-key login only works with Facebook’s mobile and desktop websites, not its popular mobile apps. And the NFC option only works with NFC-compatible devices, which excludes Apple’s iPhone. To use the security keys, you will need the latest version of the Opera or Google Chrome browser.
Bear this in mind: If you do opt for a dongle, make sure to print out Facebook’s recovery codes, found in Security Settings under Login Approvals. If not, and you lose your dongle, you might get locked out.
Logins with two-factor security are available with most major tech companies these days, including Apple, Alphabet Inc.’s Google, Twitter Inc. and Microsoft Corp. Google and Dropbox Inc. also give users the option of using physical security keys.
Along with this, Facebook redesigned its Privacy Basics pages. The new guide directs users to the same things as before—user controls for login security, privacy and advertising settings, plus Facebook’s “Privacy Checkup.” But the new look is more attractive, and designed to be easier to use, Facebook said.