Facebook is the most popular social media tool for people to connect and communicate. Users share their day-to-day activities and photos, but the constant threat of privacy infringement from hackers and phishers has prompted Facebook to introduce additional security measures to protect against such intrusions into private space.

Even though hacking a Facebook account is not easy, it is still possible, depending on how the account is configured. At present, Facebook lets users enable two-factor authentication (2FA) to secure their accounts, which works by asking the user to manually enter a six-digit secret code generated by an authenticator app or sent via SMS or email. A hacker who has your login information would not be able to access your account, because you are the one who receives the OTP (one-time password).

Recently, the United States National Institute of Standards and Technology recommended against using SMS-based 2FA, as it has been proven unreliable, citing two reasons:
- Network coverage issues of operators
- Increase in the number of attacks on OTP schemes
So, to enhance security, Facebook has now come up with a solution: FIDO-compliant Universal 2nd Factor authentication (U2F). It allows users to log in to their account using a physical security key instead of depending on an OTP sent via email or SMS. A U2F hardware-based authentication process makes logging in simpler, faster and much more secure. The tiny USB device that authenticates your account is easy to use and gives hassle-free access to your account from any computer. Activation of the key is a simple procedure:
- Go to Security settings of your Facebook account
- Open Login Approval and click ‘Add Key’ shown in ‘Security Key’
- Facebook requests that you insert the security key/device into any USB port
Thereafter, whenever you log in to your Facebook account, you are asked to plug the security key into the USB slot. Once connected, the device generates an OTP for use in 2FA systems and logs you in. These hardware keys ensure better protection against phishing and account takeovers than conventional 2FA systems, as username and password credentials are of no importance unless accessed via the physical key.

As quoted by Brett McDowell, Executive Director of the FIDO Alliance: “FIDO authentication added to Facebook’s security portfolio, gives their users the facility to enable strong authentication and secure their users across the world.”

At present, the security feature is supported by the Chrome and Opera web browsers and implemented by major companies like Google, Dropbox and Salesforce. The Facebook app is not compatible with this feature, but Android users with NFC-supported handsets can use it. Installing the latest version of Chrome and Google Authenticator enables you to use the security key to log in from the mobile website.