Facebook's Account Recovery Changes Could Drastically Improve Your Online Security


Those security questions never were very secure.

If you've ever forgotten your password to a website or app, you know there are two options for getting back in. You could reset the password through a link sent to your email, or answer a security question about what high school you went to and your dog's name.

Unfortunately, those methods leave your account at high risk. Hackers can easily guess security questions after a few tries and a link emailed to an unsecure email account.

In January, Facebook introduced a new method to get back into an account known as delegated account recovery, which relies on your Facebook account to authenticate your identity. The system allows an app or website to establish encrypted recovery tokens stored by Facebook. When users lose their password, a recovery token from Facebook is sent back to the app or site.

Now, after running tests with GitHub, the social media giant is expanding it with the promise of tighter personal security. The code is open and available for download and apps can now apply to be a part of the beta trial.

While the security benefits are clear, there are concerns surrounding the amount of information Facebook could glean from this system. If it becomes widespread, just how tied to Facebook will its billion-plus users be?