Andrew Shikiar, Senior Director of Marketing
Facebook announced support for FIDO authentication Thursday, offering its 1.7 billion users worldwide an easy and user-friendly experience for strong authentication when logging into their Facebook accounts.
As detailed in a Facebook security note and accompanying blog post from Yubico, Facebook users can leverage a FIDO® Certified second-factor device to enable unphishable FIDO strong authentication when logging into their accounts. This significantly raises the security bar over authentication based on shared secrets stored on servers, like passwords and SMS one-time passcodes, and will protect users from account compromise – an issue that Facebook has disclosed impacts up to 600,000 users a day.
For Facebook users, FIDO authentication is as easy as adding a touch of a button to the login process. Facebook users can choose from an array of FIDO Certified second-factor devices, including those from FIDO Alliance Board members such as Feitian, NXP, VASCO and Yubico. Users that already have a FIDO second-factor device, such as a Google Security Key, can use that same device now for Facebook authentication. This is one of the major benefits of the FIDO standards ecosystem – users can leverage a single device to authenticate across all service providers offering FIDO authentication.
With this announcement, Facebook joins many leading service providers, including Google, PayPal, NTT DOCOMO and more, that have turned to standards-based FIDO authentication to protect their users — a strong endorsement of FIDO’s privacy-aware and user-friendly standards for strong authentication. We applaud Facebook’s commitment to protecting their users through FIDO authentication and anticipate many added service providers taking similar steps in 2017.