Facebook can soon unlock websites you've been locked out of
MANILA, Philippines – Facebook will be launching a feature that allows you to recover access to other websites, which leapfrogs the need for email as a user verification tool.
At the USENIX Enigma conference on Tuesday, January 31, Facebook security engineer Brad Hill announced "Delegated Recovery," a feature that will allow users to prepare encrypted recovery tokens to regain access to sites they may have lost access to.
The first test of the new Facebook feature, which will begin on February 1, will involve GitHub.
If a user loses access to their GitHub account, they can use Facebook to send a security token to the GitHub website to prove the user's identity and unlock the associated account.
The encrypted token means Facebook can't view the information on the token, and it won't share any information about you with the third-party website you're trying to regain access to.
Speaking with TechCrunch, Hill said, "No matter what kind of site you are, you have to deal with the issue that someone will lose their password or their token." This is a common issue with password reset codes sent through email or SMS authentication codes.
Facebook added that Delegated Recovery will be part of Facebook's bug bounty initiative, so there's an incentive to test the tool and report vulnerabilities.
It will also be released as open source. Said Hill, "We're building this and giving it away because recovery is a problem every online service shares. Recovery isn't a product, it's a foundation. Secure access is the foundation on which we build all our other products."
More information on the open source protocol is available on GitHub. – Rappler.com