Facebook Intros New Password Recovery System For GitHub

Facebook has introduced a new password recovery system for GitHub that uses recovery tokens connected to Facebook accounts. The new feature is available to GitHub users as of today, the company's Security Engineer Brad Hill announced. Facebook's new invention aims to eliminate vulnerabilities in traditional password recovery solutions, which are often insecure and make the security of the actual authentication procedure irrelevant, since malevolent individuals can simply trick the recovery system into sending them a (new) password.

To combat that issue, Facebook accounts can now be used in the process of two-factor authentication for password recovery at GitHub. Users can take advantage of the feature by using their Facebook accounts to save a recovery token which can later serve as a form of authentication. Once that is done, the password of a GitHub account can be reset by logging into Facebook, which will automatically send the recovery token back to GitHub. If the token sent back to GitHub matches the one GitHub originally sent to Facebook, the user will be able to reset their password. The recovery token used in this procedure is encrypted using contemporary standards, meaning Facebook isn't able to access any information it contains. Furthermore, the Menlo Park-based social media giant claims it also isn't sending any other personal information to GitHub, given that the online repository only needs the original token to verify one's identity. The entire process apparently takes just a few clicks and is performed through HTTPS.
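The save-and-return flow described above can be modeled in a few lines. This is an added sketch, not Facebook's or GitHub's code: the class and account names are hypothetical, and it substitutes an opaque random token with an HMAC tag for the encryption the article mentions.

```python
import hashlib
import hmac
import secrets

class AccountService:
    """Hypothetical stand-in for the site whose password is being recovered."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # MAC key, never leaves this service
        self._issued = {}                    # account -> SHA-256 of the issued token
    def _tag(self, account, nonce):
        return hmac.new(self._key, account.encode() + b"\x00" + nonce, hashlib.sha256).digest()
    def issue_token(self, account):
        nonce = secrets.token_bytes(16)
        token = nonce + self._tag(account, nonce)  # opaque: no readable account data
        self._issued[account] = hashlib.sha256(token).digest()
        return token
    def redeem_token(self, account, token):
        stored = self._issued.get(account)
        if stored is None or token is None or len(token) != 48:
            return False
        tag_ok = hmac.compare_digest(token[16:], self._tag(account, token[:16]))
        same = hmac.compare_digest(hashlib.sha256(token).digest(), stored)
        if tag_ok and same:
            del self._issued[account]  # single use: a replayed token is rejected
            return True
        return False

class RecoveryProvider:
    """Hypothetical stand-in for the account that stores the token."""
    def __init__(self):
        self._saved = {}
    def save(self, user, token):
        self._saved[user] = token  # stored as an opaque blob
    def release(self, user, logged_in):
        return self._saved.get(user) if logged_in else None

def run_demo():
    site, provider = AccountService(), RecoveryProvider()
    provider.save("alice.fb", site.issue_token("alice"))      # constructed names
    provider.save("mallory.fb", site.issue_token("mallory"))
    return {
        "no_login": site.redeem_token("alice", provider.release("alice.fb", False)),
        "wrong_account": site.redeem_token("alice", provider.release("mallory.fb", True)),
        "valid": site.redeem_token("alice", provider.release("alice.fb", True)),
        "replay": site.redeem_token("alice", provider.release("alice.fb", True)),
    }

if __name__ == "__main__":
    print(run_demo())
```

Only the token released after a successful login at the provider, and matching what the site recorded for that same account, permits the reset.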

The announcement of this feature comes shortly after Facebook introduced USB keys, another form of two-factor authentication designed to improve online security. The social media company has recently been hard at work making account verification both secure and convenient, and this move can be interpreted as another step in that endeavor. While the company's token-based authentication is currently limited to GitHub, Hill said that Facebook is hoping the method will be adopted by other online services in the future. The feature is also a part of the company's bug bounty program, meaning security experts can earn money by identifying any vulnerabilities in the procedure. In addition to Facebook, individuals who manage to spot any weaknesses in this solution will also be financially rewarded by GitHub. It remains to be seen whether other online services agree with Hill's assessment that a password recovery mechanism reliant on a Facebook account is secure enough to warrant implementation.

Copyright ©2019 Android Headlines. All Rights Reserved
About the Author

Dominik Bosnjak

Head Editor
Dominik started at AndroidHeadlines in 2016 and is the Head Editor of the site today. He’s approaching his first full decade in the media industry, with his background being primarily in technology, gaming, and entertainment. These days, his focus is more on the political side of the tech game, as well as data privacy issues, with him looking at both of those through the prism of Android.