Facebook now allows the use of physical security keys to mobile devices. Starting today, Facebook users on Android and iOS mobile devices will also be able to use physical security keys for their accounts that are enabled for two-factor authentication.
As we have already discussed on more than one occasion, two-factor authentication adds a layer when logging into user accounts, there being different methods, such as using codes received by SMS or generated by third-party applications, which could be intercepted by attackers, making physical security keys a much more robust solution.
Expanding the use of physical security keys to mobile devices
It so happens that from 2017 to date, Facebook has only allowed the use of physical security keys for its desktop version, even though the use of cell phones has been gaining quite a lot of ground in all these years, surpassing in accesses from them concerning accesses from desktop computers in many of the services we usually use.
Now, from Facebook:
We strongly recommend that everyone consider using physical security keys to increase the security of their accounts, regardless of the device they use.
In this regard, Facebook notes that users can purchase physical security keys from the respective manufacturers, clarifying that they are not manufacturers of this type of hardware device.
Once a physical security key is available, either connectable wirelessly via Bluetooth or physically via USB, Facebook notes in this regard that:
You can enroll your security key in two-factor authentication within the Security & Login section of your Settings.
While the use of this type of device is recommended for people at high risk of being attacked as politicians, journalists, or any other position that may be subject to attack due to their high level of relevance, Facebook would like this type of device to be able to be used by any other user as well.
Coincidentally, this move comes in the same week where Twitter is way ahead of Facebook by starting by allowing the use of more than one physical security key per account, both on desktop and mobile, adding that later on it will also allow the use of physical security keys as the only 2FA authentication method.