Insights & Analyses

In an attempt to supplant email for online ID, Facebook announces external account recovery service

February 1, 2017

Users have long relied on a registered email account to create and recover online identities, but social networking behemoth Facebook is hoping it will take over that role through a new encrypted identification service.

Announced this week at the USENIX Enigma conference, Facebook’s “Delegated Recovery” feature uses encrypted recovery tokens with external websites, allowing users to prove their identity and recover a lost account via their Facebook profile.

Facebook is hoping that its focus on privacy will lead to adoption of the recovery feature. As noted by TechCrunch, the Menlo Park, Calif., company won’t be able to read information stored in authorization tokens, and account information will not be shared with third-party websites.

Experts believe that Facebook and other social networking accounts could play a crucial role in the future of online identities and secure authorization. In an interview on One World Identity’s State of Identity podcast earlier this month, Chief Executive Blake Hall said he believes social media accounts will be the key to providing online banking to both millennials in modern countries, and to people without any form of identification in the developing world.

“Social media becomes the only digital platform that has enough data where you can actually get to know your customers and pull out some attributes that help you understand if they are creditworthy and if that’s a unique identity,” Hall said.

For its part, Facebook believes its Delegated Recovery feature offers more security than traditional email for identification and account recovery. Brad Hill, a security engineer with the company, explained that a single compromised email account prevents a major security risk for all of a user’s online accounts.

Though the prospect of banking and other major online services is a likely future candidate for Facebook’s Delegated Recovery, for now the feature is available in a limited trial with GitHub, an online software repository commonly used for open-source projects. Delegated Recovery is available open-source as well, meaning other websites can implement it as they see fit.