Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
Facebook Wants to Become the Password Manager of Your Digital Life

By István F. Verified by Adam B. Last updated: January 2, 2025

Forget email and recovery questions, because next-generation account recovery will be through Facebook. At least this is how the social media giant hopes to lock the next billion users into its platform. It looks as though scrolling through endless newsfeeds is no longer enough, as Facebook is close to living up to its name and will give a face to the billions of people connected to the internet. It would like to become the platform through which users will recover the password to any third-party account via its new service called Delegated Account Recovery.

Why you need this service

You – just like everyone else – forget passwords, and when that happens the obvious thing to do is to recover them somehow. Facebook offers to do just that, using your digital identity as confirmed by the social media platform.

Currently available solutions for password recovery

We can agree that we need a better, more secure method of account recovery, as the current options – email recovery, security questions, one-time codes sent through SMS or apps – don’t live up to high-security expectations.

Facebook’s approach to account security

Becoming a key keeper first requires preparation to protect yourself. Over the last couple of years Facebook has taken steps to make user accounts more secure. For privacy-conscious users it has added two-step verification that, if enabled, will require additional info from any of the chosen authentication methods below:

  • A one-time code sent by SMS.
  • A code from Facebook’s own Code Generator or a third-party app.
  • A code generated by your security key on a compatible device.
  • Printed recovery codes.
  • Login approval from a device Facebook recognizes, which requires you to first register the device.

Facebook delegated account recovery as password-less account backup

The service, currently in closed beta, was officially announced in early 2017. The first platform to participate in large-scale testing was GitHub, a platform dedicated to IT professionals, which might signal the intended targets for this service.

Facebook account recovery

Delegated Account Recovery doesn’t want to compete against other services providing login authentication facilities for various online accounts. The foundation of these ‘login-with’ services is OAuth, an open protocol that allows secure authorization in a simple way on the web and in mobile and desktop apps. For consumers, ‘login-with’ means they can use their Google, Twitter, Facebook, or other account to log into another account. By choosing to do so, users can skip the registration process because the new account is created using an existing account. With that said, it’s still safer to create a new account using email than to use an existing social media profile.

Since it is designed for extreme scenarios (let’s say you’ve dropped your phone off a boat and you need to log into GitHub), Delegated Account Recovery seeks to overcome the security issues of SMS, OAuth, or other common recovery mechanisms.

To make it work, the service brings into play all three parties involved: the user, the account provider, and the recovery provider. In this case the last of these is Facebook.

To establish the recovery capability:

  1. The user needs to authenticate with the account provider or create a new account.
  2. Select Facebook’s Delegated Account Recovery as the recovery method and therefore the recovery provider.
  3. In response to this the account provider creates a recovery token and sends it to the recovery provider.
  4. Facebook saves the token in the user’s account and redirects the user to the account provider.

If such an extreme case occurs, the account service provider redirects the user to Facebook and if the latter accepts the authentication of the user then it creates a new token – which includes the originally saved token – and sends it to the account provider, confirming the account user’s identity. The account provider then validates both the new and originally created tokens and decrypts the data, granting access to the user.
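The token exchange described above, as an added example that is not part of the original article and is not Facebook's or GitHub's code. ECDSA P-256 signatures, AES-256-GCM for the encrypted data, the JSON token layout, the function names, the 60-second freshness window and the sample identifiers are all assumptions made for this sketch.

```javascript
// Added example: simplified Delegated Account Recovery flow (assumed layout, not the real wire format).
const nodeCrypto = require('node:crypto');

const newKeys = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const accountProvider = { keys: newKeys(), dataKey: nodeCrypto.randomBytes(32) };
const recoveryProvider = { keys: newKeys(), saved: new Map() }; // plays Facebook's role

// A token is { body, sig }: a JSON string plus a base64 ECDSA signature over it.
function signToken(fields, privateKey) {
  const body = JSON.stringify(fields);
  return { body, sig: nodeCrypto.sign('sha256', Buffer.from(body), privateKey).toString('base64') };
}
function verifyToken(token, publicKey) {
  return nodeCrypto.verify('sha256', Buffer.from(token.body), publicKey, Buffer.from(token.sig, 'base64'));
}

// Step 3: the account provider encrypts its account reference into a signed token.
// The recovery provider stores it but cannot read or alter the encrypted data.
function createRecoveryToken(accountId) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', accountProvider.dataKey, iv);
  const data = Buffer.concat([c.update(accountId, 'utf8'), c.final()]);
  return signToken({ id: nodeCrypto.randomBytes(16).toString('hex'), iv: iv.toString('base64'),
    data: data.toString('base64'), tag: c.getAuthTag().toString('base64') }, accountProvider.keys.privateKey);
}

// Step 4: the recovery provider saves the token under its own user record.
function saveToken(fbUser, token) { recoveryProvider.saved.set(fbUser, token); }

// Recovery: after authenticating the user, the recovery provider wraps the saved token in a new signed one.
function countersign(fbUser) {
  const original = recoveryProvider.saved.get(fbUser);
  if (!original) throw new Error('no recovery token saved for this user');
  return signToken({ original, issuedAt: Date.now() }, recoveryProvider.keys.privateKey);
}

// The account provider validates both tokens, then decrypts the account reference.
function completeRecovery(counter, maxAgeMs = 60000) {
  if (!verifyToken(counter, recoveryProvider.keys.publicKey)) throw new Error('bad countersignature');
  const { original, issuedAt } = JSON.parse(counter.body);
  if (Date.now() - issuedAt > maxAgeMs) throw new Error('countersigned token expired');
  if (!verifyToken(original, accountProvider.keys.publicKey)) throw new Error('bad original token');
  const t = JSON.parse(original.body);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', accountProvider.dataKey, Buffer.from(t.iv, 'base64'));
  d.setAuthTag(Buffer.from(t.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(t.data, 'base64')), d.final()]).toString('utf8');
}
// Constructed sample identifiers: enroll, then recover.
saveToken('fb-user-1', createRecoveryToken('acct-42'));
console.log(completeRecovery(countersign('fb-user-1')));
```

Because the account provider checks the recovery provider's signature before its own, a token that was never countersigned, or one countersigned by a different key, is rejected before any decryption is attempted.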

Facebook account recovery process

It may sound complicated, but in theory this only requires a few clicks and your Facebook account password, according to the social media giant. Since the service is in closed beta there isn’t much information available at this stage, and Facebook doesn’t specify which of the account security tools – Facebook Login and/or Trusted Contacts – play an important role in the service. Since the method isn’t standardized, it either requires more standardization or for the account holder to choose how it ensures the user is indeed the one that the original recovery token was assigned to.

Why you should use a password manager

However, as you can see the solution can’t fully eliminate the password and so the need to remember at least one password is still there. That could be the Facebook account that you have set as the keeper of the secret key, but what if that account is not your personal account? How can you afford the luxury of remembering a single password and still be assured that everything is fine?

For this purpose there are password managers. Since Facebook’s Delegated Account Recovery service isn’t completely password free you can always use a password manager to store all your passwords – be that for work or personal purposes – and only have to remember the master password that will open the secret box where all other passwords are stored.

Since the majority of password managers also offer a web-based interface, make sure you remember the key to your key-keeper box. As such, accessing all accounts (and maybe even eliminating the need for Facebook’s Delegated Account Recovery service) is hassle-free, even if you lose your phone.


Best password managers of 2025

  • Editors' choice: RoboForm (editor's rating: 4.5). Effective security center; passkey compatibility; intuitive and organized interface; affordable prices.
  • Families: LastPass (editor's rating: 4). Logical interface; automated password categorization; advanced mobile version; various two-factor authentication options.
  • Businesses: 1Password (editor's rating: 4). End-to-end encryption; secure authentication method; data breach alarms; one-time password support.
  • Security features: Keeper (editor's rating: 4.5). Robust security; wide range of platform support; affordable; great customer support.
  • Personal use: NordPass Personal (editor's rating: 4.5). Strong security features; effective password generator; excellent free version; attractive price.
  • Password sharing: Dashlane (editor's rating: 4). Password changer; built-in VPN; flawless data import; thorough iOS/Android app.
  • Local storage: Enpass (editor's rating: 4). Packed with features; free for desktop users; offline password manager; end-to-end encryption.
