Forgotten passwords are bane of the Internet. Facebook wants to fix that

Published by nherting
Posted on 2017-02-04

Facebook is unveiling a new service that remedies one of the biggest headaches facing online users today—the forgotten password.

Starting Tuesday, Facebook will offer a service that allows users who lose their GitHub login credentials to securely regain access to their accounts. The process takes only seconds and uses a handful of clicks over encrypted HTTPS Web links. To set it up, Facebook users create a GitHub recovery token in advance and save it with their Facebook account. In the event they lose their GitHub login credentials, they can reauthenticate to Facebook and request the token be sent to GitHub with a time-stamped signature. The token is encrypted so Facebook can't read any of the personal information it stores. After the request is sent, the GitHub account is restored. With the exception of Facebook's assertion that the person recovering the GitHub account is the same person who saved the token, Facebook and GitHub don't share any personal information about the user.
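The exchange described above, sketched as an added example; this is not Facebook's or GitHub's code and does not follow the published specification. It assumes two stand-ins so that it runs on the Python standard library alone: an HMAC under a shared key replaces the provider's time-stamped public-key signature, and an opaque random handle replaces the encrypted token payload. The class names, `MAX_AGE` and the single-use rule are also assumptions.

```python
import hashlib, hmac, secrets, time

MAX_AGE = 300  # assumed freshness window for the time-stamped signature, in seconds

def mac(key, *parts):
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)  # length-prefix each field
    return h.digest()

class Provider:
    """Recovery provider (Facebook's role): stores tokens it cannot interpret."""
    def __init__(self, signing_key):
        self.key, self.saved = signing_key, {}
    def save(self, user, token):
        self.saved[user] = token
    def countersign(self, user, now=None):
        # Called only after the user has re-authenticated to the provider.
        ts = int(time.time() if now is None else now)
        token = self.saved[user]
        return token, ts, mac(self.key, token, str(ts).encode())

class Issuer:
    """Account provider (GitHub's role): issues tokens and verifies recoveries."""
    def __init__(self, provider_key):
        self.key = secrets.token_bytes(32)   # never leaves the issuer
        self.provider_key = provider_key     # stand-in for the provider's public key
        self.accounts, self.used = {}, set()
    def issue(self, account):
        handle = secrets.token_bytes(16)     # random: no personal data in the token
        self.accounts[handle] = account
        return handle + mac(self.key, handle)
    def recover(self, token, ts, sig, now=None):
        now = time.time() if now is None else now
        handle, tag = token[:16], token[16:]
        if not hmac.compare_digest(tag, mac(self.key, handle)):
            return None                      # not a token this issuer minted
        expected = mac(self.provider_key, token, str(ts).encode())
        if not hmac.compare_digest(sig, expected):
            return None                      # provider did not vouch for this request
        if not 0 <= now - ts <= MAX_AGE:
            return None                      # stale or future-dated signature
        if handle in self.used:
            return None                      # assumed rule: each token recovers once
        self.used.add(handle)
        return self.accounts[handle]
```

The issuer learns only that the provider vouched for the holder of this token at time `ts`; the provider never sees which account the handle maps to.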

The service is designed to eliminate the hassle and significant insecurity found in most account recovery systems that exist now. One common recovery method involves answering security questions. Many of the questions—for instance, "What is your favorite sport?" and "What is your favorite pizza topping?" asked by United Airlines—are easily guessed. That leaves people susceptible to account takeovers. Other methods, such as delivering security tokens by e-mail or SMS text message, lack the kind of end-to-end encryption that's increasingly expected for secure communications.

Unlike a compromised e-mail account—which often can be used to gain access to dozens of online accounts controlled by the owner—the Facebook service can be rate limited. This is according to Facebook Security Engineer Brad Hill, who spoke at the Enigma Usenix conference in Oakland, California, on Monday. In the event a Facebook account is hijacked, the rate limiting can be used to prevent an attacker from accessing all the third-party accounts at once. That feature could prove useful in the future, should the service be adopted by a large number of other third-party services.

For now, the service is available only for GitHub, but Facebook hopes other third-party sites will also use it eventually. The social networking giant has published the technical specifications here, and it is offering cash rewards under the company's bug bounty program to people who find security vulnerabilities. Facebook has more info about the program here.


