Daily Bulletin


The Conversation

  • Written by David Glance, Director of UWA Centre for Software Practice, University of Western Australia

In an attempt to increase the security of online accounts, Facebook has added support for two-factor authentication using USB security keys.

The supported security keys are those that implement a standard called U2F, which stands for Universal 2nd Factor authentication. Logging into Facebook still involves a username and password, but the second factor is simply a matter of inserting the key into the computer and touching a metallic part of the key. The process is faster than using an SMS text message or a special authenticator app, and it is potentially more secure.

U2F was designed to provide a physical device that wasn’t susceptible to hackers using “man-in-the-middle” attacks. Theoretically, a hacker could reproduce the login page of a bank or a service like Google and get the user to enter their username and password. Even when a text message is sent to the phone or an application like Google Authenticator is used, the fake login screen can simply capture that information from the user and pass it on to log in.

With U2F, the information exchanged with the security key is able to prevent this type of attack and even alert the user to the fact that the login screen was fake.
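The origin binding behind this protection, as an added example that is not from the original article or from Facebook: a simplified Node.js model of a U2F sign-in in which the browser, not the page, writes the origin into the data the key signs. The origins, function names and single-key token are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Constructed origins for the demonstration (assumptions, not real sites).
const REAL_ORIGIN = 'https://login.example.com';
const FAKE_ORIGIN = 'https://login.example.net';

// The security key: signs application parameter || presence || counter || challenge parameter.
function makeToken() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  let counter = 0;
  const sign = (appParam, challengeParam) => {
    counter += 1;
    const head = Buffer.alloc(5);
    head.writeUInt8(1, 0);           // user-presence byte: set when the key is touched
    head.writeUInt32BE(counter, 1);  // signature counter
    const signature = crypto.sign('sha256', Buffer.concat([appParam, head, challengeParam]), privateKey);
    return { head, signature };
  };
  return { publicKey, sign };
}

// The browser records the origin it is really showing (simplified: appId = origin).
function browserSign(token, pageOrigin, challenge) {
  const clientData = JSON.stringify({ typ: 'navigator.id.getAssertion', challenge, origin: pageOrigin });
  const { head, signature } = token.sign(sha256(pageOrigin), sha256(clientData));
  return { clientData, head, signature };
}

// The real site's check of the response it receives.
function serverVerify(publicKey, expectedChallenge, response) {
  const cd = JSON.parse(response.clientData);
  if (cd.challenge !== expectedChallenge) return 'rejected: stale or unknown challenge';
  if (cd.origin !== REAL_ORIGIN) return 'rejected: signed for ' + cd.origin;
  const signed = Buffer.concat([sha256(REAL_ORIGIN), response.head, sha256(response.clientData)]);
  if (!crypto.verify('sha256', signed, publicKey, response.signature)) return 'rejected: bad signature';
  return 'accepted';
}

function demo() {
  const token = makeToken();
  const challenge = crypto.randomBytes(32).toString('hex');
  const onReal = browserSign(token, REAL_ORIGIN, challenge);
  const onFake = browserSign(token, FAKE_ORIGIN, challenge); // same challenge, relayed via the fake page
  const rewritten = { ...onFake, clientData: onFake.clientData.replace(FAKE_ORIGIN, REAL_ORIGIN) };
  return { direct: serverVerify(token.publicKey, challenge, onReal),
           relayed: serverVerify(token.publicKey, challenge, onFake),
           rewritten: serverVerify(token.publicKey, challenge, rewritten) };
}
console.log(demo());
```

Unlike an SMS or authenticator code, the signed response is only valid for the origin the browser was on, so forwarding it to the real site fails, and editing the recorded origin invalidates the signature.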

Using SMS text messages to deliver the second factor also suffers from the problem that hackers can use a variety of means to intercept text messages. Hackers have been able to socially engineer telecommunications providers and get replacement SIM cards sent to them to hijack a person’s phone. It is also possible to get text messages re-routed to another number using a weakness in mobile wireless communication protocols. Hackers can also use fake mobile phone towers to intercept the text messages.

There are a number of issues with security keys, however. They cost between US$18 and US$50, and they currently only work with modern versions of the Chrome and Opera browsers on computers and with Android phones that support NFC.

The other problem is that at present, you can only use a security key using U2F to log into Google, Facebook, GitHub, Salesforce and Dropbox.

There is no sign that Apple is planning to add support for U2F in its Safari browser or as a second factor in authorising iCloud logins. Currently, two-factor authentication for iCloud logins involves a second Apple device providing a code. This suffers the same vulnerability to man-in-the-middle attacks as using an SMS or other authenticator application. When Touch ID can be used, like on the new MacBook Pro laptop or even on Apple mobile devices, it is not used as a second factor but as a convenient way to access the main password.

Two-factor authentication using SMS messages, or better still, applications like Google Authenticator, is still far more secure than using a simple username and password. Using a security key makes the process faster and more convenient and increases the level of security. For this reason, it is good news that Facebook has added support for U2F, and it would be hugely beneficial if more sites and companies like Apple were to support this form of security.

Having personally used a Yubico U2F USB-C key with a MacBook for the past few weeks, the experience has been far more positive than using the Google App which was slower and more cumbersome than the simple operation of sticking the USB key in and touching it to authenticate. I keep the key with my other physical keys and so it is always at hand and harder to lose. If the key is not available, it is still possible to revert to using SMS or a secondary form of authentication for most applications.


Read more http://theconversation.com/facebooks-support-for-usb-security-keys-is-a-good-move-and-one-others-should-follow-72023
