Facebook Just Launched A New Open Source Tool For Recovering Passwords Easily
Short Bytes: If you regularly forget the passwords for your online accounts, then a Facebook tool, known as Delegated Recovery, might be able to help you. Currently, implemented on GitHub, the tool uses a recovery token saved with Facebook to authenticate your identity and retrieve your account. Facebook has open sourced Delegated Recovery, and it’s available on their GitHub repo.
Facebook is working on a new tool that will change the way we recover our online accounts. Normally, the 2-step authentications process uses your email or mobile number to recover your account, in case, you’re can’t recall your password or it as been compromised.The new tool called Delegated Recovery, developed by Facebook, is a protocol that will allow users to use their Facebook account to recover their other online accounts.
The Delegated Recovery protocol is sprouting, and Facebook foresees, it may even put an end to account passwords altogether. Currently, Facebook has implemented the Delegated Recovery on GitHub, allowing the users to reinstate their accounts.
This works by adding an encrypted recovery token to your Facebook account in advance. Whenever you need to get back your GitHub account, Facebook will send that token to GitHub with a time-stamped counter-signature.
“Facebook doesn’t share your personal data with GitHub, either; they only need Facebook’s assertion that the person recovering is the same who saved the token, which can be done without revealing who you are,” wrote a Facebook security engineer Brad Hill in a post.
Facebook also wants others to contribute to the protocol. That’s why they’ve open sourced it and placed it on GitHub. It makes Delegated Recovery a new addition to the list of Facebook’s open source projects. Moreover, in a combined effort, Facebook and Github are also hosting bug bounty programs for this tool. Also, there are plans to publish open source reference implementations of the protocol in various programming languages to propel a smooth development of the tool.
Do you prefer SMS-based password recovery? Do tell us your views and feedback.
Also Read: Google Gave $3 Million Cash Rewards To 350 People For Hacking Them