Facebook Login Security Takes A Fresh New Route Via USB Key

Facebook login security has been getting easier and easier to bypass for hackers who know what they're doing. What used to be little more than a keyword is no longer capable of keeping your account free of hacking.

Edward Snowden, the ex-NSA whistleblower, tackled that very idea when he was interviewed for Last Week Tonight with John Oliver. He stated that most passwords are completely useless, often being sequential numbers, the actual word "password," or even a combination of characters which are easy for the user to remember. Many websites have updated their standards, so you need at least one upper-case letter, one lower-case letter, one number, and one special character, and at least eight characters in total to even make your password up to acceptable standards.

Snowden had suggested something similar, but combining it into a phrase based on a highly unpopular opinion. Unfortunately, determined hackers have ways around this as well, and now websites such as Facebook and Yahoo are offering the option to take internet security one step further.

Of course, accepting the extra step on Yahoo might mean you can't use a separate application on your smartphone to access emails anymore. Some find Yahoo's own app to be inferior to second-party email apps which manage the inbox a lot better, actually deleting emails the first time instead of making you do it twice. Yahoo has introduced the extra step most likely because their email system has been known to be one of the least secure of them all, with accounts being hacked almost regularly.

'Mission: Impossible' has been known to find new methods of computer hacking
'Mission: Impossible' has been known to find new methods of computer hacking. [Image by Paramount Pictures]

The truth is that there is no such thing as absolute security. Movies like Mission: Impossible and Iron Man have proven that, the latter of which uses a method similar to what Facebook is now offering.

Facebook's login security upgrade might not work in some cases, as hackers can still download your photos and re-upload them to a fake account using your name. This is a violation of the terms of use, but it can still be done. Unwitting friends and family might think you simply closed your original account and add the hacker without realizing who they really are.

Such violations aside, CNet says there is a new method which uses a USB key, much like Facebook employees use on the back end with their personal assets. They find it to be the most secure method possible, short of retinal and fingerprint scans which might cost a few thousand dollars. Of course, only professionals would consider that to be worth the money. The USB key would be a much more practical compromise for the average Facebook user.

The key looks a lot like your usual flash drive, combined with what looks like a car's remote key. It works similar to one as well. You plug it into the USB port on your computer, the software communicates with Facebook's servers, and you push the button to unlock your account.

Car remote keys may have inspired Facebook login security keys
Car remote keys may have inspired Facebook login security keys. [Image by Michaelstockfoto/Shutterstock]

Social media mostly exists because friends aren't always in the same geographical area, so connecting online is convenient. It also means that it's highly inconvenient for most people to physically meet you and take your security key. You can probably expect there to be a kind of theft insurance for that scenario if this becomes the new rule, or a subscription fee to own one if Facebook wants to monetize it.

Security engineer Brad Hill has stated that the USB key is probably the most secure way to avoid getting your account hacked, as even with two-form authentication which Facebook currently uses, it can be bypassed. Some hackers have been known to send emails to Facebook users often stating that they need to update their password, and nine times out of ten, it's a phishing tactic to steal your login credentials. Using the Facebook login security key, phishers can't get that far, as they would have to physically possess the USB device.

Many third party manufacturers are working with Facebook to make these keys, including Yubico's FIDO U2F, sold for $40 and up.

Is it worth the dent in your wallet to give your Facebook and possibly other social media networks an extra boost in security?

[Featured Image by Rawpixel.com/Shutterstock]