Your Facebook account is now more secure than your bank's (probably)

Facebook is upgrading its login defenses by rolling out support for hardware security keys. The move means that Facebook addicts can make their logins far more resistant to phishing and account hijackings – and makes the site more secure than banks' online services that provide just single-factor authentication. Users can log …

  1. NoneSuch
    Big Brother

    And yet...

    El Zuck keeps a piece of tape over his webcam.

    Says it all really.

    1. frank ly Silver badge

      Re: And yet...

      That's to protect him from Google.

  2. Fruit and Nutcase Silver badge

    Zuckerberg’s Facebook Page

    "It Takes at Least 12 People to Make Mark Zuckerberg’s Facebook Page"

    http://nymag.com/selectall/2017/01/it-takes-12-people-to-make-mark-zuckerbergs-facebook-page.html

    Narcissistic and vain?

    1. werdsmith Silver badge

      Re: Zuckerberg’s Facebook Page

      Faecebook and Zuckerberg actually believe that their fatuous drivel platform is important enough to need protection.

      Hackers would probably prefer to spend their time finding ways to keep the steaming pile of doggo away from themselves.

      1. Anonymous Coward

        Re: Zuckerberg’s Facebook Page

        "Faecebook and Zuckerberg actually believe that their fatuous drivel platform is important enough to need protection."

        Despite the fact that I dislike either, they're partially right. Social media is a key information source for ID theft, but that tends to start with PUBLIC information - the stuff that FB already facilitates and even encourages (the badly mislabelled "social" bit).

        What I don't get is why they chose a hardware device - that's costly and, frankly, unnecessary - regular OTP would have worked fine too and it's not that helpful on a smartphone as you need a special version for that with Bluetooth or NFC. Even if one of the public apps for it is called "Google authenticator" it's easy to create another one as the process is public domain.

        But hey, I don't care. I don't use it.

  3. malle-herbert Silver badge
    Trollface

    "Your Facebook account is now more secure than your bank's (probably)"

    And yet... I trust my bank a lot more with my private information than FaceBook...

    1. Throatwarbler Mangrove Silver badge
      FAIL

      Re: "Your Facebook account is now more secure than your bank's (probably)"

      It's all fun and games until your bank's security is breached and your account details stolen!

      1. Anonymous Coward

        Re: "Your Facebook account is now more secure than your bank's (probably)"

        Except that the bank is held financially responsible for that breach, FB just shrugs its shoulders.

  4. Bogle

    Yubico key

    Closed my Farcebook account years ago (no! no more posts about your damn cats, single lady!) but I'm a Yubico key fan, have my v4 on the desk here. More of this, please, and more sites playing catch-up with 2FA.

    That said, the more advanced functionality of a Yubico key is far beyond what most can handle. Public/Private Key systems are just too complicated for Mr Average (for example see recent errors by The Grauniad re: WhatsApp).

  5. fidodogbreath Silver badge

    U2F / 2FA are far from a panacea

    I see four problems with hardware U2F:

    1. If the device is the only way to log in to critical accounts and it is lost or broken, then you're well and truly screwed.

    2. If sites provide a method to bypass U2F in the event of #1, an attacker can use that path to get into your account without having the U2F key; the key is just a false sense of security.

    3. In the case of those $16 Chinese U2F keys on eBay or Amazon, what assurance do you have that the device itself is not compromised, either by bug or by design? If the device is not secure, then it's actually worse than using password-only authentication. The average user would not have the ability to determine whether the device is secure.

    4. The most damaging hacks of personal information have been due to compromised administrative accounts, not individual users; think Target, US Office of Personnel Management, Yahoo, etc. It's a lot more efficient to steal 100 million users' data from one admin than to hack 100 million users. U2F will do nothing to protect you from that.

    So, while there are some situations where a good U2F key might have some value, it's more about making you feel safe than about actually being safe.

    1. tr1ck5t3r

      Re: U2F / 2FA are far from a panacea

      This is only really going to appeal to businesses and celebs reliant on Facebook.

      Just hack the USB bus in the OS and get the U2F key redirected to your computer.

      Cloning dongles and using dongles plugged into one computer whilst tricking said software running on another machine is as old as the dongle itself.

      You can try it right now with Windows Remote Access and sharing a USB printer.

      Carry on using flawed OS's.....

  6. allthecoolshortnamesweretaken Silver badge
  7. tiggity Silver badge

    facebook & online bank account

    Both equally secure..

    Both equally non existent

  8. millerheide

    You've likely effectively heard that Facebook accounts are hacked to steal individual data, Facebook as an essential wellspring of gathering client data, and enterprises utilizing your data to settle on choices about your rates, you must be careful to protect your account information.

    Here are a few tips to make your account more secure by enhancing the privacy:

    http://www.digitalinformationworld.com/2017/04/most-important-ways-to-protect-your-privacy-on-facebook.html
