This type of security keys support a standard called U2F which stands for Universal 2nd Factor authentication.
Logging into Facebook still involves using a username and password but the 2nd factor is that you just have to insert the key into the computer and touch a metallic part of the key . The process is faster than using an SMS text message or special authenticator app and it is potentially more secure.
The major purpose to design U2F was to provide a physical device that wasn’t vulnerable to hackers using “man in the middle attacks”.
Supposedly, a hacker could reproduce the login page of a bank or a service like Google and get the user to put their username and password in. Even when a text message is sent to the phone or an application like Google Authenticator is used, the fake login screen can simply capture that information from the user and pass it on to log in.
The exchange of information that is provided by the secure key is able to prevent this type of attack with U2F and even alert the user to the fact that the login screen was fake.