Facebook has announced two new features to try to improve the security of your account. The first, called Trusted Friends, allows you to designate three to five friends who can unlock your account for you if you forget the password. The other, less interesting feature, called App Passwords, lets you assign a unique password to Facebook apps.
With Trusted Friends, if you lose your Facebook password you can have codes sent to your friends that let you access your account. What isn’t spelled out is whether you need all of the codes from your friends to unlock the account or if a single code will work. While this is being touted as a way to access your account if you lose both your Facebook and email accounts, it seems more like a backdoor to let intruders into your account. Even if all of your friends need to send you their codes to access the account, you’re still trusting that they are going to be secure themselves. Any time you have a backdoor into an account, you end up weakening security, not strengthening it.
There are even fewer details about App Passwords. The concept is sound: don’t share your Facebook password with third-party applications. The actual implementation is still vague, and given the company’s security track record, who knows if it will work as intended.
Interestingly enough, the security infographic that Facebook released seems to be using the term Guardian Angels instead of Trusted Friends.