Gone are the days when it was adequate to use the name of your first pet or mother’s maiden name as a universal proof of identity. The need for increasingly complicated passwords is growing, as is the sheer number of them, as every app, online system and platform requires unique access credentials. But fear not, Facebook has come to our collective rescue with claims to have thought up a clever solution.
Its new Delegated Account Recovery system allows apps or websites to store an account recovery ‘token’ on Facebook’s servers. If a user forgets their password or loses a device used for two-factor authentication, they can retrieve the token by proving their identity to Facebook and then use it to reach the account they couldn’t access. Facebook, in turn, offers several different methods for authentication, including ‘social CAPTCHA’, which asks users to identify friends by name from randomly selected photos on their account. (Yet another reason to unfriend your old high school buddy from 20 years ago – or could you still remember their name??)
While this looks like a valuable service available to everyone, there are inevitable questions about whether it’s a stealthy way for Facebook to collect ever more detailed personal information on users. Or, shock horror, what happens to the poor sod who loses their 2-factor authentication token and access to their Facebook account – not to mention those individuals who choose to delete their accounts altogether.