Facebook Improving Account security with Delegated Recovery

Facebook announced support for U2F Security Keys, to help keep accounts secure with our second-factor authentication feature called login approvals.

Rajkumar Maurya
02 Feb 2017 07:53 IST

This is part of a larger story of industry investment and innovation around improving, and perhaps even replacing, the password. The truth is, technologies for login authentication like FIDO are only half of the story needed to keep accounts secure. The other half is account recovery—specifically, how do you regain access to your account if you lose your password, phone, or security key?
So-called “security questions” are widely acknowledged as both inconvenient and risky. They tend to be re-used across different accounts, making them even more dangerous than shared passwords. Recovery emails and SMS messages are common alternatives, and while they can get the job done, both are showing their age: neither offers the end-to-end security guarantees we expect from modern protocols, and these methods are becoming less reliable as the next billion people are getting online for the first time.
We need something better—a way to recover access, using identities and services you trust, regardless of whether they are associated with an email address or a phone number. This process needs to be easy, secure, and respectful of your privacy.
Some tools like Facebook Login and Trusted Contacts are part of the solution, but not every site uses the same features. Consider GitHub, a collaborative software development platform that hosts some of the most popular software in the world, including Facebook's own open source projects like React and osquery. GitHub maintains direct control of how it authenticates its users, how it assesses password strength and other risk signals, and how it deploys a diverse set of two-factor authentication methods.
So what do you do if you lose access to the phone number or security keys you use at GitHub? An email address alone can't provide the same level of two-factor authentication to recover access, so starting Tuesday, you'll be able to use your Facebook account to provide additional authentication as part of the recovery process at GitHub.
You'll need to set up this method in advance by saving a recovery token with your Facebook account. A recovery token is encrypted so Facebook can't read your personal information. If you ever need to recover your GitHub account, you can re-authenticate to Facebook and we will send the token back to GitHub with a time-stamped counter-signature. Facebook doesn't share your personal data with GitHub, either; they only need Facebook's assertion that the person recovering is the same one who saved the token, which can be done without revealing who you are.
This can happen in just a few clicks in your browser, all over HTTPS.
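The token round trip described above, as an added sketch that is not from the original article or from the Delegated Recovery specification: it shows the account provider checking the countersignature and its timestamp before it decrypts the token. Ed25519, AES-256-GCM, the byte layout and every function name here are assumptions chosen for illustration, not the protocol's wire format.

```javascript
const crypto = require("crypto");

// Account provider: encrypt the account ID under a key only it holds, so the
// recovery provider stores an opaque blob (layout: iv | auth tag | ciphertext).
function issueToken(key, accountId) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(accountId, "utf8"), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// Bytes covered by the countersignature: 8-byte timestamp, then the token.
function signedBytes(token, issuedAt) {
  const ts = Buffer.alloc(8);
  ts.writeBigUInt64BE(BigInt(issuedAt));
  return Buffer.concat([ts, token]);
}

// Recovery provider: after re-authenticating the user, release the stored
// token with a time-stamped countersignature. It never decrypts the token.
function countersign(privateKey, token, nowSec) {
  const sig = crypto.sign(null, signedBytes(token, nowSec), privateKey);
  return { token, issuedAt: nowSec, sig };
}

// Account provider: check signature, then freshness, and only then decrypt.
function recover(key, recoveryPub, msg, nowSec, maxAgeSec) {
  const signed = signedBytes(msg.token, msg.issuedAt);
  if (!crypto.verify(null, signed, recoveryPub, msg.sig))
    throw new Error("bad countersignature");
  const age = nowSec - msg.issuedAt;
  if (age < 0 || age > maxAgeSec) throw new Error("stale countersignature");
  const d = crypto.createDecipheriv("aes-256-gcm", key, msg.token.subarray(0, 12));
  d.setAuthTag(msg.token.subarray(12, 28));
  const pt = Buffer.concat([d.update(msg.token.subarray(28)), d.final()]);
  return pt.toString("utf8");
}

// Constructed demo values: throwaway keys, a made-up account ID, fixed clock.
function demo() {
  const key = crypto.randomBytes(32);
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const token = issueToken(key, "user-1234");
  const msg = countersign(privateKey, token, 1000);
  return { key, publicKey, token, msg, recovered: recover(key, publicKey, msg, 1030, 60) };
}
```

Because the timestamp is inside the signed bytes, a captured countersigned token cannot be re-dated and replayed after the freshness window closes.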
We're releasing this feature in a limited fashion with GitHub so we can get feedback from the security community, including participants in our bug bounty programs. Not only will our implementation be immediately in-scope for our bounty programs, but Facebook and GitHub will jointly reward security issues reported against the specification itself, according to our impact criteria.
We would like to see more services adopt this account recovery design over the long run, so we are publishing the protocol behind this feature today on our open source site at GitHub:
https://github.com/facebookincubator/DelegatedRecovery/
Both Facebook and GitHub plan to publish open source reference implementations of the protocol in various programming languages to make it easy to build secure and privacy-preserving connections among your accounts and ensure you never lose access.
Soon, we hope to open the ability for any service to improve its account recovery experience using Facebook. We also want to offer the ability for people to use other accounts, such as a GitHub account, to help you recover your access to Facebook.
Usable security must cover all the ways we access our accounts, including when we need to recover them. We hope this solution will improve both the security and the experience when people forget a password or lose their phone and need to get back into their accounts.
Source: Facebook