Facebook has added a new security feature that
will be tough for hackers to compromise accounts.
Now, Facebook users can activate their security
key to authenticate their identity during the login process.Users are required
to activate their login through the security key , so that if hackers won't be
able to hack the account even if they know users login and password details.
The new security system is based on two layers of
authentication that will generate two different keys with an extra optional
layer of security that will help in identity during the login process.
During this security protocol , the user will
enter their username and password during login and the website will return them
a verification code which will be entered by the user so that website can
authenticate whether its proper user of the account or someone else with the
stolen password.
While this extra addition of key will add extra
layer of protection , this method has its own drawback , a hacker can reset the
sim for the user's phone and intercept SMS messages , as some hackers have done
in past with De Ray McKesson last summer .
Security keys solve this problem by cutting the
need to transmit the verification code to the user. Keys like manufactured by
Yuvico fit into USB port and can generate a one-time code at the tap of finger
and unlike SMS , these codes can't be accessed without physical access , and
the security key authentication makes it more faster this way . While SMS
service depends on phone connection very much , this type of system security is
more faster and doesn't require cell service .
Brad Hill, a security engineer at Facebook, says
it was easy for the company to roll out the feature because Facebook already
used this security system for in-house engineering staff to login to the
systems so it was just matter of
extending feature to Facebook
users .
“We don’t consider two-factor a mandatory thing,”
Hill explains. “We see account security as our responsibility regardless of
technologies you choose to use. For people who want to stay in control, this
would be a good choice for someone who wants to stay ahead of even the most
advanced attacks.”
Unfortunately, there’s not a great way to
integrate security keys with most mobile devices yet. When logging into their
Facebook accounts on mobile, most users will still have to go through the
regular old two-factor SMS process (Facebook also lets users generate their
verification code through the Facebook app). Users with NFC-capable Android
devices and the latest versions of Chrome and Google Authentication can use an
NFC-capable key to verify their identity on the Facebook mobile website.
The challenge of using a security key with a
mobile device is one Hill expects to see addressed in the future. Although
access is currently limited to certain Android users, Hill says he anticipates
more APIs on the Android platform that will support security keys — and that
other platforms will follow suit.
If you are ready to activate your security key?
Go to Security Settings in your account and click “Add Key.” (Note: This will
only work if you’re using the Chrome or Opera browser.)