In our busy daily routine, remembering every account password is quite hard. So we all need to recover passwords through a 2-step authentication process that involves your email account or your mobile number. This process is quite time-consuming, and issues can come up before it completes.
At the USENIX Enigma conference, Facebook launched a new open source tool called Delegated Recovery. It can be described as a protocol that allows an application to delegate account recovery permission to a third-party account controlled by the same user.
Facebook has implemented Delegated Recovery with GitHub, so that users can recover their accounts. The tool is based on a very different strategy: it uses a recovery token saved to your Facebook account to authenticate your identity and retrieve your account.
The recovery token is encrypted and includes a time-stamped counter-signature, and the issuing service can detect if someone changes the original token.
Whenever you go back to your GitHub account, Facebook will send that token to GitHub with a time-stamped counter-signature. Don't worry: Facebook does not share your personal credentials with GitHub. GitHub only needs Facebook's assurance that the person recovering the account is the same one who saved the token, which can be done without revealing who you are.
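The token checks described above can be modelled in a few lines of Python. This is an added example, not Facebook's or GitHub's code and not the real Delegated Recovery wire format. Assumptions: all function and variable names are hypothetical, HMAC with per-party keys stands in for the signatures, an opaque random handle stands in for the encrypted payload, and the 300-second validity window is an assumed value.

```python
import hashlib, hmac, os, time

ISSUER_KEY = os.urandom(32)     # held by the account provider (issuer)
RECOVERY_KEY = os.urandom(32)   # stand-in for the recovery provider's signing key
MAX_AGE = 300                   # assumed: seconds a countersignature stays valid
_accounts = {}                  # issuer-side map: opaque handle -> account

def _mac(key, *parts):
    # Length-prefix each part so field boundaries cannot be shifted.
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(key, data, hashlib.sha256).digest()

def issue_token(account):
    """Issuer: create a token that reveals nothing about the account."""
    handle = os.urandom(16)
    _accounts[handle] = account
    return handle + _mac(ISSUER_KEY, handle)

def countersign(token, now=None):
    """Recovery provider: time-stamp and countersign the saved token."""
    ts = str(int(time.time() if now is None else now)).encode()
    return {"token": token, "ts": ts, "sig": _mac(RECOVERY_KEY, token, ts)}

def recover(msg, now=None):
    """Issuer: return the account, or None if any check fails."""
    now = time.time() if now is None else now
    token, ts, sig = msg["token"], msg["ts"], msg["sig"]
    if not hmac.compare_digest(sig, _mac(RECOVERY_KEY, token, ts)):
        return None                      # countersignature does not verify
    if not 0 <= now - int(ts) <= MAX_AGE:
        return None                      # stale or future-dated assertion
    handle, tag = token[:16], token[16:]
    if not hmac.compare_digest(tag, _mac(ISSUER_KEY, handle)):
        return None                      # original token was changed
    return _accounts.get(handle)

if __name__ == "__main__":
    saved = issue_token("alice")                      # constructed sample account
    print(recover(countersign(saved)))                # fresh and intact
    flipped = bytes([saved[0] ^ 1]) + saved[1:]
    print(recover(countersign(flipped)))              # altered token is rejected
```

The recovery provider only ever sees the random handle and its tag, so it can vouch for the token without learning which account it belongs to.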
This process reduces the duplication of identity data on the server and makes the database more efficient.
Delegated Recovery is an open source project hosted on GitHub so that other people can also contribute to the protocol.
Facebook and GitHub are also hosting bug bounty programs for this tool. They are also planning to publish open source reference implementations of the protocol in various programming languages so that the tool can be developed more efficiently and smoothly. So now you decide: which will you prefer, SMS-based password recovery or token-based? Give your views in the comments.