Facebook is finally expanding its support of physical security keys to mobile devices, the company announced Thursday. Facebook has supported security keys on desktop since 2017 and will now enable iOS and Android users to log in to their account via the physical key.
A security key is a device that generates an encrypted, one-time security code for use in two-factor authentication (2FA) systems. Modern security keys support a variety of hardware formats, such as USB-A and USB-C, Lightning for iPhone users, and even Bluetooth.
In most cases, security codes for 2FA are sent to a user’s phone via text-based SMS message. But security keys go the route of hardware-based authentication, requiring an actual physical device that’s inserted into a device as a second form of identification.
Security keys are thought to be more effective at preventing phishing attacks and data breaches than 2FA via SMS, because even if someone’s credentials are compromised, account login is impossible without that physical key.
In addition to expanding support for security keys to mobile, Facebook said it also plans to expand its Facebook Protect program availability globally and add more groups outside of political campaigns and candidates in the coming year. The social media giant launched Facebook Protect in 2019 in the US.
Facebook doesn’t manufacture its own security keys but is encouraging users to purchase them directly from vendors.
“Since 2017, we’ve encouraged people that are at high risk of being targeted by malicious hackers: politicians, public figures, journalists and human rights defenders,” Facebook said in a blog post. “We strongly recommend that everyone considers using physical security keys to increase the security of their accounts, no matter what device they use.”