Logging in from anywhere with the same username and password is convenient, until you forget one of them. You may also have lost the phone that receives your two-factor authentication codes, or be unsure of the answer to the platform’s security question.
Neither technique is considered a safe way to protect your account. Major security breaches occurred recently because hackers gained access to accounts by recycling passwords and finding the answers to security questions on various sites. Many websites send a recovery link to the user’s email address when a password is lost, but doing so mostly leaves the accounts compromised.
Facebook aims to replace email as the hub of online identity management in order to fix the account recovery process. Recently, at the USENIX Enigma conference, Facebook security engineer Brad Hill stated that the company is launching an account recovery feature for other websites, named Delegated Recovery.
Facebook will let users set up encrypted recovery tokens for websites such as GitHub. For example, if a user loses access to a GitHub account, the token stored with the Facebook profile is sent back to GitHub, and the account is restored once the user proves their identity. Privacy is the main purpose of the token’s encryption: Facebook cannot read the information stored in the token, and it does not share any information about the user’s identity with the third-party website.
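A simplified sketch of the token flow described above, added here as an illustration; it is not Facebook's or GitHub's code and does not reproduce the actual Delegated Recovery token format. The use of AES-256-GCM, the in-memory maps, and every function and variable name are assumptions, and the account names in any sample call are constructed.

```javascript
// Added illustration: simplified, not the real Delegated Recovery token format.
const crypto = require('node:crypto');

// Assumption: only the account provider (GitHub in the article) holds this key.
const accountProviderKey = crypto.randomBytes(32);
const issued = new Map(); // account provider: tokenId -> accountId
const vault = new Map();  // recovery provider: its own user id -> opaque token

// Account provider: seal the account id and a one-time token id with AES-256-GCM.
function issueToken(accountId) {
  const tokenId = crypto.randomBytes(16).toString('hex');
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', accountProviderKey, iv);
  const plaintext = JSON.stringify({ accountId, tokenId });
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  issued.set(tokenId, accountId);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Recovery provider: stores and returns the token without being able to read it.
function storeToken(recoveryUser, token) { vault.set(recoveryUser, token); }
// Assumption: called only after the user has re-authenticated to the recovery provider.
function releaseToken(recoveryUser) { return vault.get(recoveryUser) || null; }

// Account provider: accept a returned token once; reject forged, altered or replayed ones.
function redeemToken(token) {
  if (typeof token !== 'string') return null;
  const raw = Buffer.from(token, 'base64');
  if (raw.length < 28) return null; // 12-byte IV + 16-byte tag at minimum
  const decipher = crypto.createDecipheriv('aes-256-gcm', accountProviderKey, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  let claims;
  try {
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    claims = JSON.parse(plain.toString('utf8'));
  } catch {
    return null; // authentication tag mismatch: token was not sealed with our key
  }
  if (issued.get(claims.tokenId) !== claims.accountId) return null; // unknown or already used
  issued.delete(claims.tokenId); // single use
  return claims.accountId;
}
```

The recovery provider only ever handles the base64 string, and the account provider learns nothing about which recovery-provider user returned it.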
With the Delegated Recovery feature, Facebook not only adds security but also encourages users to center their online identity on their Facebook profile instead of their email address. Recovery emails are not considered secure, as email security doesn’t have the greatest reputation right now. Moving account recovery to an encrypted token system on Facebook can offer improved security.
For now, Facebook’s account recovery feature will be available in a limited trial with GitHub. The trial will allow researchers to investigate the feature for possible weaknesses. With an open-source release of the feature, websites will be able to implement it easily. Account recovery is a problem faced by every online service, and this feature will help all sites overcome it.