Forgot your GitHub password? Facebook cooks up spec to reset logins via social network

Facebook has published a specification for providing secure and reliable account recovery in websites and applications. Recovering access to accounts is, judging from our article archives, too easy for developers to screw up: passwords are stored in plain text, security questions can be guessed or bypassed, and so on. In his …

  1. Anonymous Coward

    "Facebook has published a specification [...] the specification allows website and app programmers to push their account recovery mechanism onto an established, trusted provider"

    ROFL

  2. Unbelievable!

    ermm. a question.

    I may not have understood the concept properly, but doesn't this just mean that if one account is compromised, it would be even easier to compromise the victim's other accounts?

    1. diodesign (Written by Reg staff) Silver badge

      Re: ermm. a question.

      Well, if you compromised someone's FB account, you can then compromise their GitHub - just like if you compromise someone's Gmail, you can compromise their GitHub by resetting the password. This is why you have two-factor auth on your GitHub account. And all accounts.

      The point of this is: who is better at writing and maintaining a secure account recovery mechanism - you or Facebook (or Google etc)? If you, then do it yourself. Otherwise, use someone else's working system instead.

      Also means you don't have to store personal info stuff like mother's maiden names in your database.

      C.

  3. The Man Who Fell To Earth Silver badge
    WTF?

    Wow! With a mechanism like this, why would the government need a backdoor?

    Just subpoena Facebook.

  4. Chris Hills

    Facebook wants to be able to access all my other accounts? NO thank you! If only sites adopted something like OpenID I would be in control of my own authentication.
