Facebook is finally expanding its support of physical security keys to mobile devices, the company announced Thursday. Facebook has supported security keys on desktop since 2017 and will now enable iOS and Android users to log in to their account via the physical key.
A security key is a device that generates an encrypted, one-time security code for use in two-factor authentication (2FA) systems. Modern security keys support a variety of hardware formats, such as USB-A and USB-C, Lightning for iPhone users, and even Bluetooth.
In most cases, security codes for 2FA are sent to a user’s phone via text-based SMS message. But security keys go the route of hardware-based authentication, requiring an actual physical device that’s inserted into a device as a second form of identification.
Security keys are thought to be more effective at preventing phishing attacks and data breaches than 2FA via SMS, because even if someone’s credentials are compromised, account login is impossible without that physical key.
Physical security keys, which connect to your device using USB or Bluetooth are widely considered the best way to protect online accounts. Other methods, like authenticator apps or SMS alerts, generate codes for users to type in, but the codes could potentially be intercepted by a malicious third party seeking access. Once a user connects the key which they need to keep on their person or nearby — to their device, it verifies their identity, allowing them to log in.
Twitter said earlier this week it is planning a future update that will allow accounts with 2FA enabled to use security keys as their sole authentication method. Right now, Twitter users can use a security key plus a second 2FA method as backup.
