As Facebook users increasingly deal with personal and payment data, the social media giant is turning to the Security Keys standard hosted through the Faster Identity Online Alliance for stronger authentication.
Facebook is encouraging users to consider registering a physical security key to their accounts. After doing so, users would tap a small hardware device that goes into the USB drive of their computers after enabling login approvals, Brad Hill, security engineer at Facebook, stated in a Thursday post to its security blog.
Those interested in the security key can purchase one through several FIDO-certified vendors to ensure more secure access to Facebook, Google and various other online services.
“By adding FIDO authentication to its security portfolio, Facebook gives their users the option to enable unphishable strong authentication that is no longer vulnerable to social engineering and replay attacks using stolen 'shared secrets' like passwords and one-time-passcodes,” Brett McDowell, executive director of the FIDO Alliance, said in a statement delivered to the media.
Google deployed the Security Keys about two years ago, using the FIDO standards to put the security measure in place with its own employees to get a better understanding of how the two-factor authentication process would work through the Chrome browser. The company reported two months ago that it found the security hardware to be an effective approach to stopping phishing and other web-based attacks.
Facebook's endorsement of FIDO authentication technology is "a major milestone in the growth of the FIDO ecosystem" because the standards are now available to billions of Facebook users, McDowell said.
The security keys for Facebook logins currently work only with certain web browsers and mobile devices, so users will be asked to register additional login approval information, Hill said in the blog post.
Facebook has increased its discussions with payments providers and technology companies to advance payment capability through its Messenger service, while also setting up merchant marketplaces that may have payment options in the future.
Over the past five years, the FIDO Alliance has grown to more than 250 members, featuring major payments companies, financial institutions and security technology firms, to establish stronger authentication methods and decrease the use of passwords for logging into accounts.
Most recently, FIDO accelerated its focus on payments, establishing a relationship with the EMV standards body EMVCo to work on stronger authentication methods related to EMV payment use cases.