Facebook has added a new feature to further strengthen the protection of users’ accounts.
The social media giant announced on Thursday that users could now register a physical security key with their accounts to verify their identity.
“Most people get their security code for login approval from a text message (SMS) or by using the Facebook app to generate the code directly on their phone,” explained Facebook Security Engineer Brad Hill.
“These options work pretty well for most people and in most circumstances, but SMS isn’t always reliable and having a phone back-up available may not work well for everyone,” he said.
The feature replaces the need for typing in a verification code to be granted access, allowing users to simply plug in the device into their computer’s USB port and tapping it when prompted.
Users would have to purchase the device through companies like Yubico – which range from $18 to $50, depending on added features like strong cryptography and near-field communication (NFC).
Hill pointed out the feature provides numerous important benefits, including protection against phishing, interoperability and faster logins.
“Your login is practically immune to phishing because you don’t have to enter a code yourself and the hardware provides cryptographic proof that it’s in your machine,” said Hill.
Furthermore, Hill noted that security keys that support Universal 2nd Factor (U2F) can be used for more than just your Facebook account. Users can also use them to enhance the log-in security of accounts such as Google, Dropbox, GitHub and Salesforce.
Lastly, a tap on the key is much faster than entering your password, added Hill.
Security keys for logins currently only work with the latest versions of Chrome or Opera, and do not support the mobile Facebook app. However, users with NFC-capable Android devices can use NFC-supporting keys to log in from the mobile website.