Facebook expands security key support for Android and iOS devices

Facebook announced today that mobile app users can now secure their accounts using a hardware security key, a feature that has been exclusively available only to desktop users for the past four years.

Starting today, Facebook Android and iOS users can go into their app's settings page and configure a hardware-based security key as a second-factor authentication mechanism.

Once configured, this will replace the SMS codes that account owners receive on their smartphones every time they log into an account.


With the security key configured, the account login process is modified, and after entering their credentials, users will now have to connect their security key to their phone.

Facebook said its mobile apps would support security keys that can be connected to a phone via a USB port, Bluetooth, or NFC.


The security key will also be Facebook's third kind of two-factor authentication (2FA) method, with the social network already supporting SMS codes and authenticator apps.

Facebook lagging behind Google and Twitter on 2FA front

Facebook's move comes after Google added support for security keys to its mobile apps years ago. Twitter only made the move last December, when it also expanded security key support from its web/desktop interface to its mobile apps.

This week, Twitter moved ahead of Facebook in terms of 2FA security by expanding its security keys support to allow users to configure multiple security keys for their accounts.

In addition, Twitter's future plans also include allowing users to log in using their security keys only — and not requiring passwords at all.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Catalin Cimpanu

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.