14 DAY TRIAL // Facebook is now testing two-factor account recovery with GitHub, something they consider to be the next step of how this process should take place.
Of course, it’s only recently that Facebook announced it was improving account security for its users by introducing new ways to lock up their data and to recover lost passwords.
Facebook believes, however, that when it comes to recovering access to a locked account, sending a reset token to your email address won’t be able to offer the same security other methods could. So, in its test, it is doing all the heavy lifting by transmitting data over its HTTPS connections.
How it works
Here’s how the feature will work between Facebook and GitHub. First, you’ll have to set up this method in advance by saving a recovery token with your Facebook account. These are then encrypted so Facebook can’t read your personal information. Then, if you ever need to recover your GitHub account, you simply re-authenticate to Facebook.
The social network will then send the token back to GitHub in a secure manner that doesn’t involve emails, texts or those outdated security questions that you give the same answers to all over the Internet. Facebook won’t share your personal data with GitHub either. Practically, all that GitHub will do is get Facebook’s nod that you are indeed the person who saved the token.
Share it with the world
Once all the testing is done, Facebook will release open source reference implementation. They hope that you’ll be able to eventually recover your Facebook account by using this very method with third-party services.
“We're releasing this feature in a limited fashion with GitHub so we can get feedback from the security community, including participants in our bug bounty programs. Not only will our implementation be immediately in-scope for our bounty programs, but Facebook and GitHub will jointly reward security issues reported against the specification itself,” the announcement reads.