Forgetful people need not worry anymore about forgetting their passwords. Facebook has figured out a way to safely access accounts without answering questions or resetting the account.
As reported, however, the new feature only works with GitHub accounts so far. The service was recently made available and is relatively easy to use. GitHub account owners simply need to create a recovery token beforehand and save it with their Facebook account. This simple process should be done over encrypted HTTPS Web links.
The GitHub account can be accessed by those who have forgotten their passwords and other information by simply going to Facebook to reauthenticate and have their encrypted recovery token sent back to GitHub. The recovery token should come with a time-stamped signature. Despite vital information handed out from one to another, GitHub and Facebook will not be sharing the user's personal data as it would remain encrypted while being shared.
Forgetting passwords is quite a common dilemma. Unless the owner uses a heartbeat password then he or she has no other recourse but to go through the daunting task of remembering the answers to security questions or to reset the account. This is annoying but, more importantly, unsafe.
Most account recovery systems also send unencrypted security tokens via email or text messages. Answers to security questions can always be guessed especially if the person trying to access the account knows its owner or is at least is already familiar with some of his or her personal information. Another problem is that some security questions such as "What is your favorite sport?" is very easy to guess. While there are an estimated 8,000 different kinds of sports all over the world, there is a relatively small pool of popular sports that one can choose from when trying to access another person's account.
While the service is currently for GitHub accounts right now, Facebook has indicated that it is available for other websites to use. Android Authority mentioned that the social network is willing to reward anyone who finds any issues with the service.