Forget about emails, Facebook is here to help recover any of your accounts, from online banking to retailers

Apr 19, 2017 08:02 GMT

Facebook wants to become your one-stop shop for everything web related. The company wants to replace your need for an email address when it comes to recovering your login credentials for other online accounts. 

During the F8 developers' conference, Facebook announced it was working on a way to recover access to various online accounts through its own platform. The company released software that can be used by any service with online accounts, from banks to retailers, which will allow people to recover access to their accounts by linking to their Facebook pages instead of email accounts.

This isn't the company's first attempt of this kind. Back in January, Facebook said it was going to step into the account recovery field, with an approach the company calls "delegated account recovery."

A different type of safety

Brad Hill, Facebook security engineer, says that this method is safer than using an email account.

"Many people see email as the most effective, secure way to recover access to their accounts. But email was not originally designed to be a secure system, and despite countless updates over the years, major challenges remain. Because email is plaintext and messages are pushed to every endpoint device you use, services are unable to recognize the importance of account recovery messages and apply risk-based re-authentication or rate limiting. Moreover, there is often no other channel to notify you if something bad is going on," Hill explains.

He adds that if a phishing attack goes undetected, or if there is malware on a computer signed into the email account, the compromise can spread to all the accounts.

The company feels this is the best solution because Facebook has numerous protections in place. For instance, when you log into Facebook, the system takes into account known devices and session activity to help block unauthorized access. The company also applies strict rate limiting to how quickly other accounts can be recovered, and limits the number of accounts that can be recovered if your Facebook account itself was recently recovered.
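The policy in the paragraph above can be sketched as a small decision function. This is an added illustration, not Facebook's code and not part of the original article; the class, the function names and every threshold are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

DAY = 24 * 3600
# Every threshold here is an assumed value for illustration only.
WINDOW = DAY              # sliding window over which recoveries are counted
NORMAL_BUDGET = 5         # recoveries allowed per window in the normal case
RESTRICTED_BUDGET = 1     # budget while the provider account is freshly recovered
COOL_DOWN = 7 * DAY       # how long a recovered provider account stays restricted


@dataclass
class ProviderAccount:
    known_devices: Set[str]
    last_self_recovery: Optional[float] = None   # when this account was itself recovered
    approved: List[float] = field(default_factory=list)  # times of approved recoveries


def decide(acct: ProviderAccount, device_id: str, now: float) -> str:
    """Return 'allow', 'reauth' or 'deny' for one downstream recovery request."""
    # Risk-based re-authentication: an unrecognised device must prove identity first.
    if device_id not in acct.known_devices:
        return "reauth"
    fresh = (acct.last_self_recovery is not None
             and now - acct.last_self_recovery < COOL_DOWN)
    budget = RESTRICTED_BUDGET if fresh else NORMAL_BUDGET
    # Keep only approvals that still fall inside the sliding window.
    acct.approved = [t for t in acct.approved if now - t < WINDOW]
    if len(acct.approved) >= budget:
        return "deny"
    acct.approved.append(now)
    return "allow"


def demo() -> dict:
    # Constructed scenarios; timestamps are seconds on an arbitrary clock.
    normal = ProviderAccount(known_devices={"laptop"})
    burst = [decide(normal, "laptop", 1000 + 60 * i) for i in range(6)]
    fresh = ProviderAccount(known_devices={"laptop"}, last_self_recovery=0.0)
    after_takeback = [decide(fresh, "laptop", DAY), decide(fresh, "laptop", DAY + 60)]
    return {"burst": burst, "after_takeback": after_takeback,
            "unknown_device": decide(normal, "phone", 2000)}


if __name__ == "__main__":
    print(demo())
```

The point of the tighter budget is containment: if the Facebook account was only just taken back, one approved recovery is the most that can go through before the limit applies.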

How does it work?

When you realize you've forgotten your bank account password, you'll click on the "forgot my password" link on the login page. Then, instead of typing in your email address, Facebook will take you through a series of steps to check your identity based on what it knows about you from your Facebook account - which is... a lot.

In theory, this is a lot safer because email passwords can be stolen or leaked in a data breach. Once inside your email account, hackers could reset passwords on all your connected accounts. Facebook, by comparison, is a bit safer.