
Facebook's Security Philosophy or: How Engineers Learned to Love 2FA

Providing a crucial security control for customers means that we don't often get to publicly announce the relationship we have with some amazing companies. Last week, however, Mark Crosbie, Tim Tickel, and Four Flynn from the Facebook team gave a presentation at Purdue University that included an overview of Facebook's implementation of Duo Security to provide two-factor authentication for the company's engineers.

During their hour-long presentation the guys provided thoughtful insight into the security culture of Facebook and how that led them through the evaluation and implementation decisions of their two-factor authentication deployment. As the video notes, there are 1.15 billion active users across the Facebook platform. This scale of user base is obviously quite rare and this video helps outsiders understand the challenges of allowing developers to do their job efficiently but also providing the security required by this huge responsibility.

We highly recommend you watch this entire video as it will be interesting to just about any technology-minded person. Starting around 17 minutes, however, the discussion around two-factor authentication picks up and you'll be able to learn about the Duo Security deployment within Facebook with an impressive level of detail directly from the team who really made it happen.

We're proud to be providing our platform to Facebook and value them as a customer that provides great feedback, allowing us to make an even better service. It's a great pleasure to work with them and we appreciate their trust to allow us to help secure the resources that affect over a billion users.

To learn more about Facebook's recent two-factor authentication deployment, check out our press release.

Tagged: facebook, yubico, yubikey

Mark Stanislav

Security Evangelist

@markstanislav

Mark Stanislav is the Security Evangelist for Duo Security. With a career spanning over a decade, Mark has worked within small business, academia, startup, and corporate environments, primarily focused on Linux architecture, information security, and web application development. Mark has spoken internationally at over 75 events including RSA, DEF CON, ShmooCon, SOURCE Boston, and THOTCON. He earned his Bachelor of Science Degree in Networking & IT Administration and his Master of Science Degree in Technology Studies, focused on Information Assurance, both from Eastern Michigan University.