Facebook says that someday ‘the password’ will be a distant memory. But for now, passwords are certainly necessary. However, Facebook has released a beta version of its Delegated Account Recovery software –a new way for social networks to be the backup security key when online consumers forget their password on different, non-Facebook websites and services. The concept behind this software: When a consumer forgets their password on a website, mobile app or other online service, the website, mobile app or service will instead use Facebook to verify the individual consumer instead of prompting the individual to re-set a password and answer security questions that are often not completely secure methods of password transmission. Delegated Account Recovery will require that the individual consumer prove that they are who they say they are by recognizing friends’ photos in order to log into their account on other websites, mobile apps or online services. Facebook security engineer, Brad Hill, said, “We want to make sure we can let you use identifying information to keep yourself secure, but not have to trade your privacy. Right now, you tell your mother’s maiden name to 500 different places and if anyone of them gets hacked, then you’re vulnerable everywhere.”
Facebook says its new method is more secure than the typical password reset via an email or code to a mobile device. Text messages are unencrypted and all email accounts can easily be hacked. The Delegated Account Recovery software works even if the individual consumer changes their phone number or email address.
However, the public is generally skeptical about trusting Facebook with their other accounts—Facebook already knows everything about you and uses your information to advertise to you. And if an individual consumer’s Facebook account were hacked, then of course, those hackers can use that information to log into other accounts. Of course, Facebook insists that it has safeguards in place to recognize fraudulent activity and that it limits the amount of third-party accounts that can be recovered at one time. For now, only developers will be trying out this new software. Eventually, Facebook will open-source Delegated Account Recovery so that any company can use it, so even if as a consumer you don’t trust Facebook with your identity, you may have put trust in another company that implements this tool.