
Facebook: Improving account security with delegated recovery - happy-go-lucky
https://www.facebook.com/notes/protect-the-graph/improving-account-security-with-delegated-recovery/1833022090271267
======
lukapercic
They are making Facebook and other "Recovery Providers" target for hackers and
secret court orders. To be reasonable secure, you would have to use more than
one; (2fa?, 2 out of 3fa?). They are stamping your requests and can be held
liable if they don't allow government agencies into your account, or they can
be forced to never let you use it.

Mega breaches would still be fun, that hardly solves anything. We are working
on private key (&passwords) recovery manager, that • doesn't need any
passwords/pins/codes, • zero-knowledge (we don't know what you are trying to
sign into), • allows you to do distributed recovery (each trusted contacts
holds a share to a backup key) •opensource clients
[https://www.zeropass.io/](https://www.zeropass.io/)

We are planning to implement fido style authentication, but with private key
recovery (Yubikey-s don't provide the recovery functionality)

