Passwords are a part of people"s day-to-day online activity, whether it means logging into your bank"s online platform or any other site which requires an account. Even though we use them all the time, they are notoriously prone to getting hacked, regardless of the service being used. At its F8 developer conference, Facebook kicked off a closed beta for a service which it sees as the stepping stone for the eventual removal of passwords altogether.
Dubbed Delegated Account Recovery, it aims to replace your password for third party accounts by using your Facebook details. In essence, it allows you to use your account on the social media site in place of a recovery email or a text message, in the case of those using two-factor authentication. Facebook says that this approach is “more secure than a password reset email, and more stable than a phone number”.
In a statement to CNN Money, Facebook security engineer Brad Hill said that the company wants to “let you use [identifying] information to keep yourself secure, but not have to trade your privacy”. There will be safeguards in place to insure the tool is not misused, such as a limit of third-party sites that can be recovered at a time, plus alerts of suspicious activity.
Giving the example of using your account on the social media site as a backup for your bank site’s login, Hill said that while Facebook would know you are using Delegated Account Recovery to log into your bank’s site, it would not be privy to details about your bank account.
Rather strangely, Hill also stated that this feature would “benefit people just beginning to use the internet, who may have Facebook accounts but not an email or phone number”. This of course, ignores the fact that you need an email address or a phone number to sign up to Facebook in the first place.
Though developers have to currently sign-up to use this tool, Facebook intends to eventually open source it, so while you might not trust the social media giant with your information, you might be more comfortable if another, more trustworthy organization would implement it.
The idea of killing passwords is not new, and companies are trying various different approaches to make users move past the aforementioned log-in security feature. From Microsoft’s Windows 10 Windows Hello feature, to both Google and the Redmond software giant’s other, very similar solutions, to password-less account log-in, there’s no shortage of methods to choose. Even fingerprint sensors which have been in use on PCs and mobile devices for a while and are making their way to credit cards, could serve as a way to get into your account, in lieu of a password.
Source: CNN Money