The safety issue regarding our online accounts and the processing of personal data is a really cared topic by the users of social networks and other web services which require the creation of a profile and its authentication. And this Mark Zuckerberg knows it pretty well: Facebook recently announced, indeed, the creation of a special USB key to log on in complete safeness.
How does the USB security key work?
This is about a small hardware device (which looks like a common pen drive) which connects to one’s own Facebook profile and takes to authenticate for it. It has to be inserted in the Computer USB port: at any use it generates a different password, like what happens with the devices that some banks provide to the clients to carry out online operations. With the unique difference that in this case one will not have the issue of typing the password on the keyboard, because by just pressing a button on the key, the login will occur automatically.
Therefore, Facebook follows Google’s and Dropbox’s footsteps, which already had launched previously their USB sticks to guarantee a better protection of user’s privacy. So far, the safest ways to protect personal data were the double authentication ones, through expiring codes generated by appropriate mobile applications or via SMS sent to the user’s phone. In reality, these methods, which indeed require the use of a phone, seem to be subjected to risks that would decrease the reliability of them. This, instead, doesn’t happen with the security keys generated by hardware devices.
4 reasons why the security keys are completely reliable:
The use of a USB key for the authentication, in fact, is totally safe for several reasons:
- The code contained in the USB cannot be cloned or replied.
- It is immune to phishing, because, as mentioned already, the passwords generated by the USB don’t need to be typed on the keyboard, they are inserted automatically right after the moment of creation, and the code of the encryption is contained directly in the hardware, making it impossible to intercept;
- The security USB key doesn’t store or register any data related to its use.
- To enter a profile protected by a USB security key, one would not only need to know the password of the user, but also to take over the physical device that generates the second security key.
Further advantages in the use of a USB security key
Beyond the safety factor, as Facebook likes to point out, the USB keys for the authentication bring further benefits:
- Interoperability: the keys support the Standard Universal 2nd Factor (U2F), reason why a single device can be used to log on Facebook, and moreover, in any other online account which supports the same technology (as the mentioned Google and Dropbox);
- Fast login: after typing the password, the operation to complete the login will be just pressing a button on the USB key, which will generate the code and will independently insert it to access the profile.
In conclusion, it is easily predictable that this new type of security will replace all methods implemented so far (especially the smartcard). For which reason? In addition to all the benefits listed above, the security keys present an important feature, which make them compatible to any device: they are USB sticks.