First it was Microsoft with its own way of killing the password this week and now its Facebook which means the password as we know it could soon be a thing of the past. At its just concluded F8 developer conference, Facebook launched a Delegated Account Recovery in beta which is a way Facebook can be your backup security key just in case you forget your password not only on Facebook related services but on other platforms as well.
This means that other apps or websites will ask you to allow Facebook help you recover password should you forget it any time. Speaking to CNNTech, a security engineer at Facebook Brad Hill says “We want to make sure we can let you use [identifying] information to keep yourself secure, but not have to trade your privacy….”Right now you tell your mother’s maiden name to 500 different places and if any one of them gets hacked, then you’re vulnerable everywhere.”
But this doesn’t exactly feel as if Facebook is solidly trying to eliminate the password like Microsoft and Google are rather this is Facebook saying the current password recovery methods are not safe. By getting a link in the email or a text message to reset your password, hackers could somehow lay their hands on it and eventually take over your accounts. Information you provide like first car, city of birth and your mother’s maiden name are just some of the data hackers need to get into your life.
But why would you trust Facebook with more information about your right? Well there are two billion people on Facebook and if you’re reading this, chances are you have a Facebook account and this means Facebook probably has all they need to make your password recovery process safer.
The big risk I can see here is what happens when a hacker has access to your Facebook account, this could potentially mean they can access your other accounts on other websites as well. But Facebook says it has safeguards in place against this and one of that is what Google and Microsoft already do. You will be notified if anything looks fishy like someone accessing your account from another device or location. Facebook will also limit the number of third party account recoveries you can make at any given time. Mr. Hill also said Facebook won’t request details of your third party accounts and this is supposed to deal with any reservations you may have about this. So for example Facebook won’t know your account details and other activity on another service rather they’ll just serve as security connection between you and that account.
Like I said at the beginning, this is in beta and developers must go through Facebook’s registration process to use this and since it is open sourced, any company can use it.
Banks in Nigeria and other emerging economies already allow users open accounts directly on Facebook so as to attract more users from the 2 billion strong community. So organisations like this can try get more people to change their security details in future from the comfort of their phones.