Skip to main content

Facebook Attempting To Fix Password Recovery To Minimize Hack Possibility

By February 11, 2017May 25th, 2021Cybersecurity

Password security continues to be the single biggest weak point in the realm of digital security. The problems on this front are numerous, but chiefly stem from the facts that:

• Too many people use simple, easily guessed passwords
• Too many people use the same password across multiple accounts
• And too many people adopt a “set and forget” mindset when it comes to passwords.

Put those three factors together and you have what amounts to a perfect storm. If a hacker gains access to one password, he’s got the keys to your digital kingdom, and some passwords are more important than others.

Email passwords, for example, are especially important, because if a hacker has access to your email, he can simply go to any site you are a member of, click the “forgot password” link, and get a reset sent to the inbox he now has access to.

In a similar vein, Facebook passwords are crucial, because so many sites have adopted the Facebook sign on API, which allows a user to use their Facebook login credentials to access a wide range of other sites.

Where Facebook in particular is concerned, the company is taking steps to make password recovery more secure. They’re moving away from the standard SMS and email link verification and toward a delegated recovery scheme.

In terms of rollout, they’ve begun with the website GitHub.

As of now, if you have a GitHub account, you can set up an encrypted recovery token from that account in advance and save it to your Facebook account. That way, if you should ever lose access to your GitHub account, you can re-authorize and re-authenticate, using the token you’ve set up previously.

It’s an intriguing move, and it will be interesting to measure the effects over time to see how much more secure that makes those who avail themselves of the option. At this point, it’s too early to say how effective the new system will be, but kudos to Facebook for taking an important step forward in trying to find a solution to this pervasive problem.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.