We've all had the problem of forgetting the login password to our favorite website. Software developers have gone to great lengths to offer convenient solutions to this ongoing and annoying issue, but the most common method, which comes in the form of various security questions, is hardly convenient. Some security questions even introduce new security risks to the entire process.
In a recent attempt to address this concern, Facebook has teamed up with numerous sites to offer support for U2F Security Keys. Through the new system, Facebook users can store an authentication key for a site like GitHub on their social media account. If you ever forget your GitHub password, the process to restore it via Facebook is rather simple and straightforward.
Brad Hill, a leading security engineer with Facebook, talked about the system in a recent email by stating: "The system is designed to be resilient even to large scale data dumps of email and user databases that have become too common. With independently held cryptographic keys needed to use them, recovery tokens offer a level of security that we don’t see from email."
If you want to take advantage of the feature for yourself, you will have to set it up in advance. This is as simple as saving a recovery token to your own Facebook account. No personal information is shared or transmitted through this process, and it can all be completed over a secure HTTPS connection.
Facebook recently completed a trial of this program where they worked exclusively with GitHub. They've since increased support to include a number of other sites and entities. Facebook and their partners are hopeful that their new authentication method will replace confirmation emails and security questions in the near future.
When asked why they're making the transition away from email, Hill responded by saying: "Facebook user surveys are revealing a decline in the use of personal email and a growing preference for phone number as an account identifier. In some parts of Africa and the Asia Pacific region, the preference for phone number over email is as high as 70%. And in many of those same places where phone number is most popular, it is also a very unstable identifier. People often have multiple SIM cards, switch numbers frequently to get a better deal, and treat phone numbers as spam collection accounts like people in English-speaking markets often do with email."
There are other driving factors behind the transition, too. Facebook has been pushing for greater reliance on social media in our everyday lives. Not only will the Delegated Recovery feature give Facebook and its partners greater control over their users, but it also puts the site at the center of modern social media functionality.
Experts throughout the IT industry are skeptical about Facebook's new Delegated Recovery option, but they're monitoring the breakthrough closely. If it works for Facebook, GitHub and the other pioneers involved, it might have a viable application on other sites in the near future.
Recover Your Passwords with Facebook's Delegated Recovery