追求你的追求

你的梦想

Facebook wants to kill the password

2017-04-27 17:31:57 | 日記

Someday, passwords will likely be a distant memory.

For now, they are necessary -- as well as regularly re-used, and sometimes leaked when hackers access private information. When you forget yours, the process to log back into an account you’re locked out of is clunky and not as secure as it could be.

Facebook wants to change that -- and eventually, to make passwords obsolete.Facebook’s F8 developer conference on Tuesday brought the launch of the beta version ofDelegated Account Recovery, a way for the social network to be the backup security key in case you forget your password on different, non-Facebook services Neo skin lab.

The idea: If you forget your password on an app or website, it will instead use Facebook to verify you are who you say you are. You will have to prove yourself through exercises like recognizing friends’ photos in order to log into your other account.

"We want to make sure we can let you use [identifying] information to keep yourself secure, but not have to trade your privacy," Facebook security engineer Brad Hill told CNNTech.

"Right now you tell your mother’s maiden name to 500 different places and if any one of them gets hacked, then you’re vulnerable everywhere."

Think about the last time you forgot your password. The website likely sent a link to your email to reset your password, or texted a code to your mobile phone. You might have answered security questions, like your mother’s maiden name or the moniker of your first pet.

Facebook says its method is more secure. Text messages are unencrypted, and email accounts can be hacked. Further, Facebook’s Delegated Account Recovery works even if someone switches their phone number or email address.

People might be skeptical about trusting Facebook with other accounts. The company knows everything about you, and uses your information to advertise to you. And of course, if your Facebook account is hacked, the bad guys can log into your other accounts that way, too.

But Hill insisted Facebook has safeguards in place to recognize fraudulent activity, and will alert you if anything seems amiss. If, say , Facebook knows you always log in via your iPhone in California, an attempt from Russia on an Android will be flagged.

Facebook also limits how many third-party accounts can be recovered at one time, and the company won’t know the details of those other accounts. For example, say you use Facebook as your backup code for your bank. Facebook will know you use the bank’s services, but it doesn’t know anything about your bank account.

For now, developers must apply to use the tech. Facebook is open-sourcing this technology so eventually any company can use it -- that is, even if you don’t trust Facebook with your identity, you might trust another organization that implements the tool.

Delegated Account Recovery doesn’t replace passwords dermes. But it’s a stepping stone in Facebook’s efforts to improve and eventually replace the security mechanisms we currently use.