Facebook's New Tool Looks To Replace Traditional Two-Factor Authentication

Facebook today unveiled a new feature to let its 1.79 billion users reset passwords for other websites using its platform, an effort to further entrench the social network in people's digital lives. From a report: Delegated Recovery, as it's being called, looks to be a step forward for those afraid of losing their devices when using two-factor authentication (2FA) -- which, should be most of us. The security feature addresses the common concern of losing the device tied to your account. With Delegated Recovery, Facebook lets users set up an encrypted recovery token for sites like GitHub, and stores it at Facebook. If you lose the login information for GitHub, you'd simply log in to Facebook and send the stored token to the site to prove your identity and regain access. The token is encrypted, and Facebook can't access the information stored on it. Facebook also promises not to share it with third-party websites (aside from those you authorize).

A Facebook promise?

[QuietLagoon]

...Facebook also promises not to share it with third-party websites...

That sounds like a marketing interpretation of a privacy policy that probably is as leaky as a sieve.

Re:A Facebook promise?

[cdrudge]

Well technically 3rd party companies aren't third party websites although they may operate websites. And of course government agencies aren't websites either...

Too big for their britches

Facebook is getting into aspects which a social networking service has little business being involved in. A while back somehow a family members account became locked, to get it back up and running they were requiring photo ID. Its social contact website not a bank account.

"Facebook promises"

[vvaduva]

Facebook also promises not to share it with third-party websites (aside from those you authorize)

lolz. I am sure the NSA will love this shit.