Daily Bulletin

The Conversation

  • Written by David Glance, Director of UWA Centre for Software Practice, University of Western Australia

In an attempt to increase the security of online accounts, Facebook has added support for two-factor authentication using USB security keys.

The supported keys are those that implement a standard called U2F, which stands for Universal 2nd Factor authentication. Logging into Facebook still involves using a username and password, but the second factor of the process is simply a matter of inserting the key into the computer and touching a metallic part of the key. The process is faster than using an SMS text message or special authenticator app, and it is potentially more secure.

U2F was designed to provide a physical device that wasn’t susceptible to hackers using “man in the middle attacks”. Theoretically, a hacker could reproduce the login page of a bank or a service like Google and get the user to put their username and password in. Even when a text message is sent to the phone or an application like Google Authenticator is used, the fake login screen can simply capture that information from the user and pass it on to log in.

With U2F, the exchange of information provided by the security key is able to prevent this type of attack and even alert the user to the fact that the login screen was fake.
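The origin binding described above, as an added example (not from the original article): a simplified Python model of a U2F login in which the browser writes the page's origin into the signed data and the site checks it. The origin names are constructed, and HMAC stands in for the key's real ECDSA signature so the code runs with the standard library only.

```python
import hashlib, hmac, json, os, struct
APP_ID = "https://login.example"   # constructed relying-party origin (assumption)

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class Token:
    """Simulated security key; HMAC stands in for the real ECDSA P-256 signature."""
    def __init__(self):
        self.master, self.counter = os.urandom(32), 0

    def _key(self, nonce: bytes, app_param: bytes) -> bytes:
        # Per-site key derived from the device secret AND the application parameter.
        return hmac.new(self.master, nonce + app_param, hashlib.sha256).digest()

    def register(self, app_param: bytes):
        nonce = os.urandom(16)
        key = self._key(nonce, app_param)
        handle = nonce + sha256(key)       # handle only validates for this app_param
        return handle, key                 # key doubles as the "public key" in this model

    def sign(self, handle: bytes, app_param: bytes, chal_param: bytes):
        key = self._key(handle[:16], app_param)
        if not hmac.compare_digest(handle[16:], sha256(key)):
            return None                    # handle was issued for a different site
        self.counter += 1
        msg = app_param + b"\x01" + struct.pack(">I", self.counter) + chal_param
        return self.counter, hmac.new(key, msg, hashlib.sha256).digest()

def browser_sign(token, page_origin: str, challenge: str, handle: bytes):
    # The browser, not the page, writes the origin into the client data.
    client_data = json.dumps({"challenge": challenge, "origin": page_origin}).encode()
    result = token.sign(handle, sha256(page_origin.encode()), sha256(client_data))
    return None if result is None else (client_data, *result)

def rp_verify(key: bytes, challenge: str, client_data: bytes, counter: int, sig: bytes) -> bool:
    data = json.loads(client_data)
    if data["origin"] != APP_ID or data["challenge"] != challenge:
        return False                       # assertion made for another site or login
    msg = sha256(APP_ID.encode()) + b"\x01" + struct.pack(">I", counter) + sha256(client_data)
    return hmac.compare_digest(sig, hmac.new(key, msg, hashlib.sha256).digest())

def demo():
    token = Token()
    handle, key = token.register(sha256(APP_ID.encode()))
    challenge = os.urandom(16).hex()
    real = browser_sign(token, APP_ID, challenge, handle)
    fake = browser_sign(token, "https://login.example.phish.test", challenge, handle)
    return rp_verify(key, challenge, *real), fake   # (True, None)
```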

Using SMS text messages to receive a second-factor code also suffers from the problem that hackers can use a variety of means to intercept text messages. Hackers have been able to socially engineer telecommunications providers and get replacement SIM cards sent to them to hijack a person’s phone. It is also possible to get text messages re-routed to another number using a weakness in mobile wireless communication protocols. Hackers can also use fake mobile phone towers to intercept the text messages.

There are a number of issues with security keys, however. They cost between US$18 and US$50, and they currently only work with modern versions of the Chrome and Opera browsers on computers and Android phones that support NFC.

The other problem is that at present, you can only use a security key using U2F to log into Google, Facebook, GitHub, Salesforce and Dropbox.

There is no sign that Apple is planning to add support for U2F in its Safari browser or as a second factor in authorising iCloud logins. Currently, two-factor authentication for iCloud logins involves a second Apple device providing a code. This suffers the same vulnerability to man-in-the-middle attacks shown by using an SMS or other authenticator application. When Touch ID can be used, like on the new MacBook Pro laptop or even on Apple mobile devices, it is not used as a second factor but as a convenient way to access the main password.

Two-factor authentication using SMS messages, or better still, applications like Google Authenticator, is still far more secure than using a simple username and password. Using a security key makes the process faster and more convenient and increases the level of security. For this reason, it is good news that Facebook has added support for U2F, and it would be hugely beneficial if more sites and companies like Apple were to support this form of security.

Having personally used a Yubico U2F USB-C key with a MacBook for the past few weeks, the experience has been far more positive than using the Google App which was slower and more cumbersome than the simple operation of sticking the USB key in and touching it to authenticate. I keep the key with my other physical keys and so it is always at hand and harder to lose. If the key is not available, it is still possible to revert to using SMS or a secondary form of authentication for most applications.

Authors: David Glance, Director of UWA Centre for Software Practice, University of Western Australia

Read more http://theconversation.com/facebooks-support-for-usb-security-keys-is-a-good-move-and-one-others-should-follow-72023
