New York: Facebook has added a new login option with `security keys` that requires a user to enter a special security code from their phone in addition to the password when they login from a new browser to minimise data breach.


COMMERCIAL BREAK
SCROLL TO CONTINUE READING

According to a Facebook blog post, though most people get security code for login approvals from a text message (SMS) or by Facebook app to generate the code directly on their phones, SMS is not always reliable and having a phone back-up may not work well for them.


"You can register a physical security key to your account so that the next time you log in after enabling login approvals, you will simply tap a small hardware device that goes in the USB drive of your computer," said Brad Hill, security engineer at Facebook.


Using security keys for two-factor authentication provides a number of important benefits


Phishing protection: Your login is practically immune to phishing because you don't have to enter a code yourself and the hardware provides cryptographic proof that it's in your machine.


Interoperable: Security keys that support U2F don't just work for Facebook accounts. You can use the same key for any supported online account (e.g. Google, Dropbox, GitHub, Salesforce), and those accounts can stay safe because the key doesn't retain any records of where it is used.


Fast login: If you use a security key with your desktop computer, logging in is as simple as a tap on the key after your enter your password.


Security keys can be purchased through companies like Yubico, a key manufacturing firm, and the keys support the open Universal 2nd Factor (U2F) -- an authentication technology initially developed by Google -- standard hosted by the `Fast IDentity Online` (FIDO) Alliance.