The future of the internet may not have passwords.
Facebook is working on a new tool that will change the way we recover our online accounts. Normally, the 2-step authentication process uses your email or mobile number to recover your account in case you can’t recall your password or it has been compromised.
The new tool called Delegated Recovery, developed by Facebook, is a protocol that will allow users to use their Facebook account to recover their other online accounts.
The Delegated Recovery protocol is still in its early stages, and Facebook foresees that it may even put an end to account passwords altogether. Currently, Facebook has implemented Delegated Recovery on GitHub, allowing users to reinstate their accounts.
This works by adding an encrypted recovery token to your Facebook account in advance. Whenever you need to get back your GitHub account, Facebook will send that token to GitHub with a time-stamped counter-signature.
“Facebook doesn’t share your personal data with GitHub, either; they only need Facebook’s assertion that the person recovering is the same who saved the token, which can be done without revealing who you are,” wrote Facebook security engineer Brad Hill in a post.
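The token flow described above, sketched as an added example for Node.js; it is a simplified model and not Facebook's or GitHub's code or the protocol's actual wire format. The function names, the AES-256-GCM and ECDSA P-256 choices, and the 60-second freshness window are assumptions made for illustration.

```javascript
// Added example: simplified model of the recovery-token flow (not the real wire format).
const crypto = require('crypto');

// Account provider (GitHub's role): secret key used to encrypt its tokens.
const accountKey = crypto.randomBytes(32);
// Recovery provider (Facebook's role): key pair used for the countersignature.
const recovery = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// Step 1, in advance: the account provider issues an encrypted token.
// The recovery provider stores it but cannot read the account id inside.
function issueToken(accountId) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', accountKey, iv);
  const ct = Buffer.concat([c.update(accountId, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]); // iv(12) | tag(16) | ciphertext
}

// Step 2, at recovery time: the recovery provider prepends a timestamp
// and signs timestamp + token, asserting "the same person saved this".
function countersign(token, nowMs) {
  const ts = Buffer.alloc(8);
  ts.writeBigUInt64BE(BigInt(nowMs));
  const signed = Buffer.concat([ts, token]);
  return { signed, sig: crypto.sign('sha256', signed, recovery.privateKey) };
}

// Step 3: the account provider checks the signature and freshness, then
// decrypts its own token. Returns the account id, or null on any failure.
function redeem({ signed, sig }, nowMs, maxAgeMs = 60000) {
  if (!crypto.verify('sha256', signed, recovery.publicKey, sig)) return null;
  const age = nowMs - Number(signed.readBigUInt64BE(0));
  if (age < 0 || age > maxAgeMs) return null; // stale or future-dated: possible replay
  const token = signed.subarray(8);
  const d = crypto.createDecipheriv('aes-256-gcm', accountKey, token.subarray(0, 12));
  d.setAuthTag(token.subarray(12, 28));
  try {
    return Buffer.concat([d.update(token.subarray(28)), d.final()]).toString('utf8');
  } catch (e) {
    return null; // token was not issued by this account provider or was altered
  }
}

// Constructed sample run: the account id is a made-up value.
const demo = countersign(issueToken('user-1234'), Date.now());
console.log('recovered account:', redeem(demo, Date.now()));
```

The recovery provider only ever handles ciphertext, and the account provider only learns that a valid, fresh countersignature accompanied its own token, which is the privacy property the quote describes.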
Facebook also wants others to contribute to the protocol. That’s why they’ve open sourced it and placed it on GitHub. This makes Delegated Recovery a new addition to the list of Facebook’s open source projects. Moreover, in a combined effort, Facebook and GitHub are also hosting bug bounty programs for this tool. There are also plans to publish open source reference implementations of the protocol in various programming languages to help the tool's development go smoothly.