Starting today, Facebook users on Android and iOS mobile devices will also be able to use physical security keys for their accounts that are enabled for two-factor authentication.
As we have already mentioned on more than one occasion, two-factor authentication adds an additional layer when logging into user accounts, there are different methods, such as the use of codes received by SMS or generated by third-party applications, that could be intercepted by attackers, so physical security keys are a much more robust solution.
Expanding the use of physical security keys to mobile devices
It so happens that since 2017 to date, Facebook has only allowed the use of physical security keys for its desktop version, despite the fact that the use of mobile phones has been gaining a lot of ground in all these years, exceeding in accesses from them with respect to accesses from desktop computers in many of the services that we use regularly.
Now, from Facebook:
We strongly recommend that everyone consider using physical security keys to increase the security of their accounts, regardless of the device they use.
In this regard, Facebook points out that users can buy physical security keys from the respective manufacturers, clarifying that they are not manufacturers of this type of hardware device.
Once a physical security key is available, either wirelessly connectable via Bluetooth or physically via USB, Facebook points out that:
You can enroll your security key in two-factor authentication within the Security and Login section of your Settings.
Although the use of this type of device is recommended for people at high risk of being attacked because they are politicians, journalists or any other position that may be subject to attack due to their high level of relevance, Facebook would like this type of device to it could also be used by any other user.
Coincidentally, this movement comes in the same week where Twitter is far ahead of Facebook when starting allowing the use of more than one physical security key per account, both on desktop and mobile phones, adding that later on it will also allow the use of physical security keys as the only 2FA authentication method.