Facebook Wants To Rival Email In Account Recovery

An interesting approach to account recovery


It is not uncommon to forget your password, and one of the channels we use to reset passwords is email. A link or a special code is usually sent to your email account, which you can then use to reset your password.

Facebook has several ways to secure your account, like login approvals, checking where you are logged in, two-factor authentication, a code generator and much more. Since Facebook is a company that is known to have a ‘walled garden’, it is no surprise that it has released a way to do away with account recovery via email.

According to TechCrunch, Facebook wants to fix this method of account recovery by replacing email as a method of online identity management. The account recovery feature Facebook has developed is called Delegated Recovery, and it is quite interesting, as explained by TechCrunch.

Facebook will let users set up encrypted recovery tokens for sites like Github, and if a user ever loses access to her Github account, she will send the stored token from her Facebook profile to Github, proving her identity and unlocking her account.

Apparently Facebook cannot read the information stored in the token and won’t share it with third parties. “There’s a lot of technical reasons why recovery emails aren’t that secure. Email security doesn’t have the greatest reputation right now,” Facebook security engineer Brad Hill was quoted as saying. “It’s the single point of failure for everything you do online.”
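The token round trip described above can be modelled in a few lines. This is an added example, not Facebook's or Github's code and not the Delegated Recovery wire format: the class and method names are hypothetical, and it swaps the encrypted token for a random handle with an HMAC so that the storing site holds only bytes it cannot interpret.

```python
import hashlib
import hmac
import secrets

# Simplified model with hypothetical names; sample users are constructed.
class AccountProvider:
    """Site whose account is being recovered (Github's role in the article)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)   # MAC key, never leaves this site
        self._pending = {}                    # token handle -> account name

    def issue_token(self, account):
        handle = secrets.token_bytes(16)      # random, carries no account data
        tag = hmac.new(self._key, handle, hashlib.sha256).digest()
        self._pending[handle] = account
        return handle + tag                   # opaque blob for the recovery provider

    def redeem_token(self, token):
        handle, tag = token[:16], token[16:]
        expected = hmac.new(self._key, handle, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                       # forged or altered token
        return self._pending.pop(handle, None)  # single use: a replay gets None

class RecoveryProvider:
    """Site that stores the token (Facebook's role). It only sees opaque bytes."""

    def __init__(self):
        self._vault = {}                      # its own user id -> stored token

    def store(self, user_id, token):
        self._vault[user_id] = token

    def release(self, user_id, authenticated):
        # Hand the token back only to a user logged in at the recovery provider.
        return self._vault.get(user_id) if authenticated else None

def demo():
    site, vault = AccountProvider(), RecoveryProvider()
    vault.store("fb-user-1", site.issue_token("alice"))
    token = vault.release("fb-user-1", authenticated=True)
    tampered = token[:-1] + bytes([token[-1] ^ 1])   # flip one bit of the tag
    return (
        site.redeem_token(tampered),                 # rejected
        site.redeem_token(token),                    # unlocks the account
        site.redeem_token(token),                    # replay rejected
        vault.release("fb-user-1", authenticated=False),
    )
```

The account site accepts only an unmodified token it issued itself, and only once; the storing site never learns which account the token unlocks.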

This tool will be available in a limited manner, starting with Github, and Facebook will allow security researchers to discover bugs and be compensated through Facebook’s bug bounty program.