How will you reset the password for your Facebook account if your primary email account also gets hacked?
Using SMS-based security code or maybe answering the security questions?
Well, it's 2017, and we are still forced to depend on insecure and unreliable password reset schemes such as email-based or SMS code verification.
But these traditional access recovery mechanisms aren't safe enough to protect all our other online accounts linked to an email account.
Yahoo Mail can be used as an excellent example.
Once hackers have access to your Yahoo account, they can also get into any of your other online accounts linked to the same email just by clicking the link that says, "Forgot your password?"
Fortunately, Facebook has unveiled a new service that aims to fix this process and help you recover access to all your other online accounts securely.
At the Enigma Conference in Oakland, California on Monday, Facebook launched an account recovery feature for other websites called Delegated Recovery, a protocol that helps applications delegate account recovery permissions to third-party accounts controlled by the same user.
Starting today, Delegated Recovery is available to GitHub users for account recovery, allowing them to set up encrypted recovery tokens for their GitHub accounts in advance and save them with their Facebook accounts.
So in case they ever lose access to their GitHub account, they can re-authenticate to Facebook and request that the stored token be sent from their Facebook account back to GitHub with a time-stamped signature, proving their identity and securely regaining access to their account.
This whole process takes place over encrypted HTTPS Web links and completes within a few seconds.
Since the stored token is encrypted, even Facebook cannot read the personal data stored in that token.
The social network giant also assured that, apart from its assertion that the person recovering the GitHub account is the same person who saved the token, the company doesn't share any personal information about the user with GitHub.
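The flow described above, as an added illustrative model that is not Facebook's or GitHub's code: an account provider (GitHub in the article) issues an opaque, encrypted recovery token, the user parks it at a recovery provider (Facebook in the article), and later, after the user re-authenticates there, the recovery provider returns it with a time-stamped countersignature that the account provider verifies before granting recovery. The stand-ins are assumptions: HMAC-SHA256 with a key shared between the two providers takes the place of the published protocol's public-key countersignature, an HMAC-derived keystream with a MAC tag takes the place of the authenticated encryption an account provider would use, and the party names, account names and the five-minute freshness window are constructed.

```python
# Constructed model of a delegated-recovery exchange (not the reference implementation).
# Stand-ins: HMAC-SHA256 for the recovery provider's public-key countersignature,
# and an HMAC-derived keystream plus MAC tag for authenticated encryption.
import base64
import hashlib
import hmac
import json
import secrets
import time

FRESHNESS_WINDOW_SECONDS = 300  # assumed window in which a countersigned token is accepted


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF counter mode built from HMAC-SHA256 (stand-in for a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


class AccountProvider:
    """The service whose account is being recovered (GitHub in the article)."""

    def __init__(self, recovery_provider_key: bytes):
        self.enc_key = secrets.token_bytes(32)   # never leaves this provider
        self.mac_key = secrets.token_bytes(32)
        self.rp_key = recovery_provider_key      # stand-in for the recovery provider's public key
        self.issued = {}                         # token_id -> account; entries are single use

    def issue_token(self, account: str) -> str:
        """Create an opaque token the user will store at the recovery provider."""
        token_id = secrets.token_bytes(16)
        payload = json.dumps({"account": account, "issued_at": int(time.time())}).encode()
        ciphertext = _xor(payload, _keystream(self.enc_key, token_id, len(payload)))
        tag = hmac.new(self.mac_key, token_id + ciphertext, hashlib.sha256).digest()
        self.issued[_b64(token_id)] = account
        return _b64(token_id + ciphertext + tag)

    def _open_token(self, token: str) -> dict:
        raw = _unb64(token)
        token_id, ciphertext, tag = raw[:16], raw[16:-32], raw[-32:]
        expected = hmac.new(self.mac_key, token_id + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("token integrity check failed")
        payload = _xor(ciphertext, _keystream(self.enc_key, token_id, len(ciphertext)))
        return {"token_id": _b64(token_id), **json.loads(payload)}

    def recover(self, countersigned: dict, now=None) -> str:
        """Verify countersignature, freshness and token binding; return the account name."""
        now = int(time.time()) if now is None else now
        signed = (countersigned["token"] + "|" + str(countersigned["timestamp"])).encode()
        expected_sig = hmac.new(self.rp_key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(countersigned["signature"]), expected_sig):
            raise ValueError("recovery provider countersignature invalid")
        if abs(now - countersigned["timestamp"]) > FRESHNESS_WINDOW_SECONDS:
            raise ValueError("countersignature outside freshness window")
        inner = self._open_token(countersigned["token"])
        account = self.issued.pop(inner["token_id"], None)  # consume: a token works once
        if account is None or account != inner["account"]:
            raise ValueError("token unknown, already used, or does not match its binding")
        return account


class RecoveryProvider:
    """The service holding the opaque token (Facebook in the article)."""

    def __init__(self):
        self.signing_key = secrets.token_bytes(32)  # stand-in for a private signing key
        self.vault = {}                              # rp_user -> opaque token

    def store(self, rp_user: str, token: str) -> None:
        self.vault[rp_user] = token  # stored blind: this provider cannot decrypt it

    def release(self, rp_user: str, reauthenticated: bool, now=None) -> dict:
        """After the user re-authenticates, countersign the token with a timestamp."""
        if not reauthenticated:
            raise PermissionError("user must re-authenticate before the token is released")
        now = int(time.time()) if now is None else now
        token = self.vault[rp_user]
        sig = hmac.new(self.signing_key, (token + "|" + str(now)).encode(), hashlib.sha256).digest()
        return {"token": token, "timestamp": now, "signature": _b64(sig)}


def demo_flow(now=None):
    """Run the exchange once and report which checks hold (constructed names)."""
    now = int(time.time()) if now is None else now
    rp = RecoveryProvider()
    ap = AccountProvider(rp.signing_key)
    token = ap.issue_token("alice@github")
    rp.store("alice@facebook", token)
    rp_can_read_account = b"alice@github" in _unb64(token)  # the RP sees only opaque bytes
    try:  # a countersignature presented long after it was made must be refused
        ap.recover(rp.release("alice@facebook", True, now=now), now=now + FRESHNESS_WINDOW_SECONDS + 1)
        stale_rejected = False
    except ValueError:
        stale_rejected = True
    recovered = ap.recover(rp.release("alice@facebook", True, now=now), now=now)
    try:  # the same token presented again must be refused: it was consumed above
        ap.recover(rp.release("alice@facebook", True, now=now), now=now)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"recovered": recovered, "rp_can_read_account": rp_can_read_account,
            "stale_rejected": stale_rejected, "replay_rejected": replay_rejected}
```

The checks in `recover` run in the order a verifier should want: authenticity of the countersignature first, then freshness, then integrity of the opaque token, and only then the single-use binding is consumed, so a stale or forged request cannot burn a legitimate token.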
According to the social networking giant, the Delegated Recovery service will be especially helpful for online users who have lost their smartphones, physical tokens or keys used as a second factor of authentication.
"We also want to offer the ability for people to use other accounts, such as a GitHub account, to help you recover your access to Facebook," said Brad Hill, Security Engineer at Facebook.
Facebook has published the protocol behind the feature and the technical specifications on its GitHub page. You can also read more information about the feature on Facebook's official post.
Since no system is hacker-proof, Facebook has invited hackers and the security community to report bugs and submit suggestions and feedback.
Delegated Recovery is part of Facebook's bug bounty program, allowing security researchers and bug hunters to test it and find security vulnerabilities.
The tool is being released as open source so that other third-party sites can implement it, but for now the service is available only for GitHub.
from The Hacker News http://ift.tt/2kKFH9m