Facebook introduced its security key feature just a few days ago, and now the social media giant is aiming to make forgotten passwords less troublesome. The company is rolling out a new service that will let GitHub users regain access to their accounts when they forget their password.
GitHub is an internet hosting service that offers all of the distributed version control and source code management (SCM) functionality of Git and adds its own features. It provides access control and several collaboration features, such as bug tracking, feature requests, task management, and wikis, for every project.
Announcing the service, Facebook Security Engineer Brad Hill said, "We need something better - a way to recover access, using identities and services you trust, regardless of whether they are associated with an email address or a phone number. This process needs to be easy, secure, and respectful of your privacy."
As for what the new service will do, Hill explains, "Users will need to set up this method in advance by saving a recovery token with your Facebook account. A recovery token is encrypted so Facebook can't read your personal information. If you ever need to recover your GitHub account, you can re-authenticate to Facebook and we will send the token back to GitHub with a time-stamped counter-signature.
"Facebook doesn't share your personal data with GitHub, either; they only need Facebook's assertion that the person recovering is the same who saved the token, which can be done without revealing who you are," he added.
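The flow Hill describes, as an added Node.js sketch that is not Facebook's or GitHub's code and not the published protocol's wire format: GitHub encrypts a token, Facebook holds it as an opaque value and later returns it with a time-stamped counter-signature, and GitHub checks the signature, the freshness and that the token is its own. The keys, the 60-second freshness window, the message layout and every function name are assumptions made for the example.

```javascript
const nodeCrypto = require("node:crypto");

// Constructed key material: GitHub's token-encryption key, Facebook's signing key pair.
const githubKey = nodeCrypto.randomBytes(32);
const facebook = nodeCrypto.generateKeyPairSync("ed25519");
const MAX_AGE_MS = 60_000; // assumed freshness window for the counter-signature

// Account provider (GitHub): encrypt the account id so the recovery provider
// stores a value it cannot read.
function issueToken(accountId) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv("aes-256-gcm", githubKey, iv);
  const body = Buffer.concat([c.update(accountId, "utf8"), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]).toString("base64");
}

// Recovery provider (Facebook): after the user re-authenticates, return the
// opaque token with a timestamp and a signature covering both.
function counterSign(token, now = Date.now()) {
  const issuedAt = String(now);
  const signed = Buffer.from(`${issuedAt}.${token}`);
  const sig = nodeCrypto.sign(null, signed, facebook.privateKey);
  return { token, issuedAt, sig: sig.toString("base64") };
}

// Account provider (GitHub): verify the counter-signature, reject stale
// assertions, then decrypt; GCM authentication rejects tokens it never issued.
function redeem(msg, now = Date.now()) {
  const signed = Buffer.from(`${msg.issuedAt}.${msg.token}`);
  const sig = Buffer.from(msg.sig, "base64");
  if (!nodeCrypto.verify(null, signed, facebook.publicKey, sig))
    return { ok: false, reason: "bad counter-signature" };
  const age = now - Number(msg.issuedAt);
  if (!(age >= 0 && age <= MAX_AGE_MS)) return { ok: false, reason: "stale" };
  try {
    const raw = Buffer.from(msg.token, "base64");
    const d = nodeCrypto.createDecipheriv("aes-256-gcm", githubKey, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    const id = Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString("utf8");
    return { ok: true, accountId: id };
  } catch {
    return { ok: false, reason: "token not issued by us" };
  }
}
```

The timestamp is inside the signed data, so an intercepted assertion cannot be replayed after the window closes or re-dated without invalidating the signature.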
Currently, Facebook is testing the feature in collaboration with GitHub and has encouraged users from the security community, including participants of the bug bounty programs, to send in their feedback. "Facebook and GitHub will jointly reward security issues reported against the specification itself."
Facebook has also made the protocol behind the feature available for other websites to use in the future. In the long run, Facebook wants to see more services adopt this account recovery design.