Facebook Strives to Become Your Universal Password Recovery Service

Hot on the heels of Microsoft’s mission to “kill the password,” Facebook now appears to have its crosshairs trained on the same target, signifying that the password as we know it today may soon be an archaic relic of digital security history. The social media giant, during its recently concluded F8 developer conference, launched an innovative feature called Delegated Account Recovery in beta, designed to serve as your digital lifesaver when you lose your way in the sea of password recoveries.

What this new feature means is that any time you forget a password, other apps or websites can now seek the aid of Facebook in helping you regain access to your account. In an interview with CNNTech, Brad Hill, a security engineer at Facebook, elucidated, “We want to make sure we can let you use [identifying] information to keep yourself secure, but not have to trade your privacy. Right now, you tell your mother’s maiden name to 500 different places, and if any one of them gets hacked, you’re vulnerable everywhere.”

Despite this novel move, it seems that Facebook’s approach slightly deviates from the path taken by Microsoft and Google. Rather than actively pursuing the total elimination of passwords, Facebook seems more focused on improving current password recovery methods by making them safer. They aim to combat the vulnerabilities of conventional password recovery methods, such as email links or text messages, which hackers could potentially intercept and exploit to compromise your accounts. The underlying message appears to be that the personal information that currently serves as your security questions–first car, city of birth, or your mother’s maiden name, for instance–are easily obtainable data fragments for a skilled hacker.

Then arises the question of trust: why should users entrust Facebook with even more of their personal information? The argument runs thus: among the two billion people currently using Facebook, you are likely one of them and therefore, Facebook already has sufficient data to streamline and secure your password recovery process.

Of course, the situation of a hacker gaining access to your Facebook account might strike a chord of concern, especially when realizing that could potentially provide them access to your other accounts as well. Facebook assures users, however, that there are safeguards already in place to mitigate this risk. Similar to measures utilized by Google and Microsoft, you receive notification if suspicious activity, such as login attempts from unfamiliar devices or locations, is detected on your account. In addition, Facebook plans to limit the number of third party account recoveries that can be made within a given timeframe, further bolstering the protective layer around user security. Mr. Hill further emphasized that Facebook does not intend to extract any details related to your third party accounts, which should alleviate any apprehension regarding the social media giant’s burgeoning security role.

As mentioned earlier, this service is currently in beta, so interested developers must take the necessary steps through Facebook’s registration process to utilize it. Thanks to its open-sourced nature, companies large and small can adopt this service to enhance their user protection mechanisms.

Certain banks in emerging economies, such as Nigeria, already offer the option for customers to open accounts directly on Facebook. This initiative, meant to harness the billion-strong Facebook community to attract more users, may well pave the way for a future where users can seamlessly manage and augment their security details from the convenience of their smartphones.