On Tuesday, Facebook launched the beta version of their Delegated Account Recovery, the social networking service’s attempt at creating a password-less account recovery system. Their new identity authentication method specifically uses people’s own Facebook account to prove that they actually are who they say they are.
Using Facebook to Prove Your Identity
At Facebook’s F8 developer conference the company unveiled the beta version of their password-less recovery method, called delegated account recovery. With this method the hope is to, in essence, delegate your online authentication to the social network.
They want to be the backup security key if you happen to forget your password on other accounts and for different websites not related to Facebook. If that happens, Facebook’s new recovery method would prompt you to prove your identity through exercises like recognizing friends’ photos in order to log into your other account.
Facebook security engineer Brad Hill said Facebook is trying to strike a balance between maintaining customer privacy and making sure that the method is actually useful:
“We want to make sure we can let you use [identifying] information to keep yourself secure, but not have to trade your privacy. Right now you tell your mother’s maiden name to 500 different places and if any one of them gets hacked, then you’re vulnerable everywhere.”
While this may be a relief to some users, there are likely many who still don’t like the idea of relying so heavily on a single company that already knows so much about them.
However, Facebook insists that they have safeguards in place that can identify fraudulent activity on your account to ensure that your personal info can’t be hacked. According to them, they will alert you if it seems that fraudulent activity is occurring on your Facebook account. For example, Facebook keeps tabs on your login locations, and any login attempt that deviates from your usual location will be flagged.
Moreover, for now, Facebook’s new recovery system is not meant to be a password replacement, but is intended to move people in that direction. One way they think they will succeed where others have failed is by introducing the recovery system to internet novices, who may have Facebook accounts but not an email address or phone number.
Ongoing Quest to Replace the Password
Facebook’s attempt to replace the password as people’s main way of authenticating their identity is not the first time this has been tried. Curiously, every attempt thus far has been unable to dethrone the password as people’s first choice of identity security.
Clef, a tech startup that was popular with WordPress clients and in Bitcoin circles, centered their entire business around replacing the password. They offered a two-factor authentication plugin that was once even considered the “next killer app for bitcoin security.”
Alas, Clef, like many before it, was unable to kick people’s stubborn attachment to the traditional password, and the CEO ultimately announced last month that they would be discontinuing the plugin.
Furthermore, there have also been quite a few predictions of the password’s demise — including a high-profile one by Bill Gates. However, despite all of this, the legacy password has refused to die and continues to be the mainstay of online security.
What do you think of Facebook’s Delegated Account Recovery? Why do you think the password has remained so popular despite its weaknesses? Let’s hear your thoughts.