Facebook Tests Account Recovery Feature With GitHub

01 February, 2017, 07:22 | Author: Alicia Barber
  • Facebook challenges email for control of your online identity

Delegated Recovery has the potential to change how people get back into accounts that have been locked for security reasons, such as typing in the wrong password too many times. The tool has been open-sourced and added to Facebook's bug bounty program so researchers can test it and point out any security vulnerabilities before it is offered to other websites and platforms as a traditional 2FA alternative. This is according to Facebook Security Engineer Brad Hill, who spoke at the Enigma Usenix conference in Oakland, California, on Monday. Delegated Recovery takes an account that is already presumed to be trustworthy (Facebook is already used by millions as the de facto username and password for non-Facebook accounts) and uses it to unlock one of your non-Facebook online services. Hill described it as "a way to recover access, using identities and services you trust", adding that the "process needs to be easy, secure, and respectful of your privacy". The recovery token is stored within your Facebook account and can be used to re-authenticate with that third-party service at any time.

Facebook will be launching a feature that allows you to recover access to other websites, which leapfrogs the need for email as a user verification tool.

Facebook is proposing that it become another option for account recovery. When you enable Delegated Recovery, Facebook creates a special recovery key or token that is associated with your Facebook account. Because these tokens are encrypted, Facebook says that it cannot read users' personal information. Emailing a link to the address registered with the account is one way of granting access, although it assumes that the email account hasn't been compromised and that the user can still get into their inbox.

But Facebook has worked out a better solution.


Typically, when people forget their password to a site, they're forced to answer a security question or send a password reset request to their email.

"As we've seen with Guccifer's hacking of Colin Powell and others, once you are famous enough all security questions are trivia", Hill said. When the token is used for recovery, it will include a time-stamped counter-signature asserting that the user is the same person who saved the token. The entire process apparently takes just a few clicks and is performed over HTTPS. GitHub and Facebook are planning to jointly reward reports of security issues in the specification itself.

Facebook has also published the protocol underlying this new mechanism in a GitHub repository and, together with GitHub's staff, plans to release a series of open-source libraries in various programming languages to help other online services implement Delegated Recovery in their user authentication systems.
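A simplified model of the exchange described above, added here as an illustration and not taken from the published specification or from Facebook's or GitHub's code: the service encrypts a recovery secret so the provider stores only ciphertext, the provider later countersigns the token with a timestamp, and the service checks the signature and its age before decrypting. AES-GCM, Ed25519, the byte layout, the five-minute window and all function names are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"time"
)

// Provider side: countersign the opaque token together with the current time.
func countersign(priv ed25519.PrivateKey, token []byte, now time.Time) []byte {
	msg := binary.BigEndian.AppendUint64(append([]byte{}, token...), uint64(now.Unix()))
	return append(msg, ed25519.Sign(priv, msg)...) // token || timestamp || signature
}

// Service side: verify the countersignature and its age, then decrypt the token.
func redeem(aead cipher.AEAD, pub ed25519.PublicKey, blob []byte, now time.Time, maxAge time.Duration) ([]byte, error) {
	n := len(blob) - ed25519.SignatureSize
	if n < 8+aead.NonceSize() || !ed25519.Verify(pub, blob[:n], blob[n:]) {
		return nil, fmt.Errorf("countersignature invalid")
	}
	token, stamp := blob[:n-8], time.Unix(int64(binary.BigEndian.Uint64(blob[n-8:n])), 0)
	if age := now.Sub(stamp); age < 0 || age > maxAge {
		return nil, fmt.Errorf("countersignature age %v outside window", age)
	}
	return aead.Open(nil, token[:aead.NonceSize()], token[aead.NonceSize():], nil)
}

// runExchange plays both parties with constructed keys; flip != 0 corrupts the blob.
func runExchange(age time.Duration, flip byte) (string, error) {
	key, nonce := make([]byte, 32), make([]byte, 12) // AES-256 key, GCM nonce
	rand.Read(key)
	rand.Read(nonce)
	block, _ := aes.NewCipher(key)  // cannot fail for a 32-byte key
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	token := aead.Seal(nonce, nonce, []byte("constructed-recovery-secret"), nil) // provider stores this
	now := time.Now()
	blob := countersign(priv, token, now.Add(-age)) // provider signed `age` ago
	blob[0] ^= flip                                 // simulate tampering in storage or transit
	secret, err := redeem(aead, pub, blob, now, 5*time.Minute)
	return string(secret), err
}

func main() {
	fmt.Println(runExchange(0, 0))
}
```

The provider only ever handles `token` as ciphertext, and a replayed, future-dated or modified countersignature is rejected before any decryption is attempted.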

Compromised email accounts can also be used to gain access to a number of different accounts.
