Evolving Account Recovery Standards
Facebook's new "Delegated Account Recovery" aims to cut your mother's maiden name out of the process for recovering lost passwords. New procedures would
"give users the option to recover or reset their password by proving their identity to Facebook, rather than by clicking on an emailed link, or worse, coughing up personal trivia like the name of their first pet or high school mascot. The approach holds the promise of far tighter account security . . . ."
Current standards for password recovery -- pushing links to authenticated email addresses -- leave users exposed whenever the email account itself is hacked. The new procedures are more secure in theory but may still fail in execution: the vulnerability now lies with a stolen physical ID.