The only thing more frustrating than forgetting your password? Resetting it.
Between searching your spam folder for a reset link or trying to find a password you haven’t used before, current methods of resecuring your accounts are neither convenient nor particularly secure. But Facebook is looking to change that. At Monday’s USENIX Enigma Conference, Facebook security engineer Brad Hill announced that the social media giant launched an account recovery feature dubbed Delegated Recovery.
Debuting with a GitHub partnership, Facebook essentially hopes to take the place of your email account as your identity-management hub. This, the social media giant says, is safer than email because there is no end-to-end security guarantee, and often, the “security questions” you have to answer tend to be “inconvenient and risky.”
So now, “Facebook will let users set up encrypted recovery tokens for sites like GitHub, and if a user ever loses access to her Github account, she will send the stored token from her Facebook profile back to GitHub, proving her identity and unlocking her account,” the company explained in a blog post. “Encryption of the token provides privacy — Facebook can’t read the information stored in the token, and it won’t share information about your identity with third-party websites.”
Delegated Recovery is part of Facebook’s larger effort to improve account security, not only on their site, but across the web.
“We’re building this and giving it away because recovery is a problem every online service shares,” Hill said. “Recovery isn’t a product, it’s a foundation. Secure access is the foundation on which we build all our other products.”
- New Capital One data breach affects 100 million people. Here’s the very latest
- How to use recovery mode to fix your Android phone or tablet
- Why doesn’t Facebook help after your account gets hacked?
- How to change your Gmail password
- Slack is resetting user passwords in response to a 2015 data breach