Facebook on Thursday announced the introduction of a Security Key system for its two-factor authentication method while logging in to the social media site. In this Security Key 2FA process, Facebook also introduced NFC-based logins for its mobile site - a first of its kind for any social site.
The social networking giant currently offers 2FA via a security code for login approvals from a text message (SMS) or by using the Facebook app to generate the code directly on their phone. Now, Facebook has introduced a new security key system that can transmit data via NFC to help log into the social media site through a physical key. This means that NFC-embedded Android devices can now use NFC-capable keys (like Yubico's) to log into Facebook's mobile site. The security key system, even though a great step forward, is still in its nascent beginnings. First up, it won't work on your app, and is only compatible with the mobile site on the latest version of the Chrome browser. Furthermore, you will also need the latest version of the Google Authenticator installed on your Android device to make this 2FA process work.
Apart from NFC logins, Facebook introduced the traditional security key system as an added option for 2FA. This means that you can register a physical security key to your account so that the next time you log in after enabling login approvals, you'll simply tap a small hardware device that goes in the USB drive of your computer. This again, has support only for the Web browser. Furthermore, you'll need to be using the latest version of Chrome or Opera to add the Security Key from your computer.
With all these shortcomings, it is unlikely for this feature to be adopted widely, but it's still a testimony of the things to come in the future. With the advent of a hardware part being essential for logging in to Facebook, the potential of an exploit becomes negligible.