nav search
Data Center Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes Lectures BOFH

back to article
Forgot your GitHub password? Facebook cooks up spec to reset logins via social network

Anonymous Coward

"Facebook has published a specification [...] the specification allows website and app programmers to push their account recovery mechanism onto an established, trusted provider"



ermm. a question.

I may not have understood the concept properly, but doesn't this just mean that if one account is compromised, it would be even easier to compromise the victoms other accounts?

(Written by Reg staff) Silver badge

Re: ermm. a question.

Well, if you compromised someone's FB account, you can then compromise their GitHub - just like if you compromise someone's Gmail, you can compromise their GitHub by reseting the password. This is why you have two-factor auth on your GitHub account. And all accounts.

The point of this is: who is better at writing and maintaining a secure account recovery mechanism - you or Facebook (or Google etc)? If you, then do it yourself. Otherwise, use someone else's working system instead.

Also means you don't have to store personal info stuff like mother's maiden names in your database.


Silver badge

Wow! With a mechanism like this, why would the government need a backdoor?

Just subpoena Facebook.


Facebook wants to be able to access all my other accounts? NO thank you! If only sites adopted something like OpenID I would be in control of my own authentication.


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing