Remembering every password for every web account is not easy, and recovering a forgotten one can be frustrating, so Facebook has released an open source solution. The new tool from the social networking giant adds an additional authentication step to the recovery process.
Called Delegated Recovery, the open source tool is a protocol that enables account recovery through a third-party service provider. Facebook's mechanism is a step ahead of two-factor authentication because it does not require any email or SMS integration to recover a forgotten password. Instead, the company says it uses an encrypted recovery token, with the recovery handled over HTTPS.
Facebook has initially implemented Delegated Recovery with GitHub. This lets you use your Facebook account to provide additional authentication during the recovery process at GitHub.
“You will need to set up this method in advance by saving a recovery token with your Facebook account. A recovery token is encrypted so Facebook cannot read your personal information. If you ever need to recover your GitHub account, you can re-authenticate to Facebook, and we will send the token back to GitHub with a time-stamped counter-signature,” writes Facebook security engineer Brad Hill in a statement.
Hill announced the development of the new recovery tool at the USENIX Enigma conference. He also revealed that Facebook and GitHub are set to reward reports of security issues in the open source solution, so that it can be improved ahead of its broader implementation.
Open source reference implementations planned
Going forward, Facebook and GitHub also plan to publish open source reference implementations of the protocol in several programming languages to broaden its adoption.
“We hope to open the ability for any service to improve its account recovery experience using Facebook. We also want to offer the ability for people to use other accounts such as a GitHub account to help you recover your access to Facebook,” Hill added.
The code for Delegated Recovery is available in a GitHub repository. The protocol can also be deployed on your own website to secure its account recovery with Facebook.