Facebook is expanding its support of physical security keys for two-factor authentication (2FA) on mobile devices, the company said in a blog post Thursday. The social platform has supported security keys for its desktop version since 2017, but starting today, it will let users on its iOS and Android apps use them to secure their accounts as well.
Two-factor authentication provides another layer of support for online accounts, requiring users to log in with their password and an additional piece of information, usually a numeric code generated by a third-party system. Without both pieces of information, it’s much harder for someone to access your account even if they have your password.
“We strongly recommend that everyone considers using physical security keys to increase the security of their accounts, no matter what device they use,” Facebook’s blog post states.
Physical security keys, which connect to your device using USB or Bluetooth are widely considered the best way to protect online accounts. Other methods, like authenticator apps or SMS alerts, generate codes for users to type in, but the codes could potentially be intercepted by a malicious third party seeking access. Once a user connects the key — which they need to keep on their person or nearby — to their device, it verifies their identity, allowing them to log in.
Twitter said earlier this week it is planning a future update that will allow accounts with 2FA enabled to use security keys as their sole authentication method. Right now, Twitter users can use a security key plus a second 2FA method as backup.