Many industry insiders consider physical security keys used in the context of two-factor authentication login schemes to be the final word in digital security. That is because even if your password is compromised, if you’re using a physical piece of hardware that has to be inserted when prompted for to complete the process, a hacker can’t breach the account in question without first having physical access to the key.
Facebook has supported physical security key 2FA for desktop environments since 2017, but until quite recently, iOS and Android users simply didn’t have that option. That has now changed, thanks to a recent announcement by Facebook that they were expanding their physical security key 2FA offering to support both product ecosystems.
Almost universally, privacy and security experts applaud this move. Far and away the most common form of two-factor authentication in use today is the text code. You enter your password as you normally would, and then the site you’re logging into send you a six or eight digit code to your phone. You enter that code to complete the login process.
The problem with that approach, however, is that text messages can be intercepted by determined hackers, which makes that form of 2FA not as robust or secure as a physical key. Granted, it’s still heads and shoulders better than not having 2FA enabled at all. However, if you’re looking for maximum security with a minimally intrusive process, then a physical security key will make your organization and the sensitive data you’re trying to protect that much more secure.
Kudos to Facebook for expanding their physical security key offering, and here’s hoping that other companies in the space follow their example in short order. Anything we can do to reduce the number of data breachers has to be counted as a win.