humanID’s Account Recovery Option
By Mohammad Halim, Manmit Kaur, Derek Quach
November 16, 2022
81% of “hacking-related breaches [was due to] stolen [and] weak passwords.” To combat hackers, experts recommend that users employ different passwords across platforms to reduce the chances of being hacked. However, with the increasing number of passwords that the population has to remember, users begin to reuse passwords. Reused passwords run the risk of multiple accounts becoming compromised. In the case of reused or weak passwords, users are discouraged from creating new accounts for other applications or websites. On average, users receive 37 emails regarding forgotten passwords. “63% of internet users get locked out on average of about ten accounts per month.”
With the number of times someone would have to reset their password, it’s easy to understand why login issues are so prevalent. “If users forget their passwords, they are most likely to avoid the site rather than trying to regain access.” In place of typical login methods, users are more than likely to opt for a third party to verify their identity. Thus, it would be beneficial to implement accessible and easy-to-use verification methods.
Why is an Account Recovery Option Important?
Getting locked out or having to reset passwords can be frustrating. For this very reason, third-party identity providers like humanID have implemented an option for account recovery. With this option, the user experience is fast, safe, and convenient when compared to the difficulty of remembering every email or password for accounts.
In its entire existence, humanID has strived to create an accessible and bot-resistant internet. Primarily, we are known for our quick and anonymous logins that never store data beyond login. With login issues becoming so prevalent, we’ve decided to expand and develop a convenient method to recover your users’ accounts.
Indeed, this option already exists through email, but our recovery option operates under our mission statement. Here at humanID, we prioritize responsible data practices, transparency, and safety. With the account recovery option, we can provide a safe avenue to recover your users’ accounts with relative ease and accessibility.
User Flexibility and Convenience
Phones can be damaged or even stolen. Each year, approximately 70 million phones are lost, and even more logins are lost due to data breaches by hackers. One way hackers steal your data starts with just your cell phone number, with 60% of all the world’s cyberattacks starting on mobile devices. This, along with many other safety reasons, is why people change their phone numbers. With humanID’s login method, users can enjoy their favorite sites or platforms in a secure zone using their new phone number with ease. And, with humanID’s account recovery method, they can enjoy easy-to-use setups and logins accessible with a verification code.
Designed Against the Hacker
Our system gives the user three chances to enter the correct six-digit code from their email onto their device. We allow three attempts in case the user accidentally inputs incorrect digits. Limiting attempts also prevents hackers from guessing the correct combination by brute force. Although inputting the right combination seems unlikely, brute force has accounted for 5% of all confirmed data breaches. Of all breaches caused by hacking, “80% have been from Brute Force or lost/stolen credentials”. If the code entered is still incorrect after three attempts, the recovery option is disabled for the account’s safety.
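The three-attempt rule described above can be sketched as follows. This is an added example, not humanID's code: the class and function names, the in-memory state, the single-use rule and the constant-time comparison are assumptions made for illustration.

```python
import hmac
import secrets

MAX_ATTEMPTS = 3   # from the article: three chances per code
CODE_DIGITS = 6    # from the article: six-digit code


class RecoveryChallenge:
    """One emailed recovery code with a hard attempt limit (hypothetical class)."""

    def __init__(self):
        # CSPRNG, zero-padded so all 10**6 codes are equally likely.
        self._code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self.failed = 0
        self.disabled = False  # set once the third wrong code is entered
        self.spent = False     # assumption: a code verifies at most once

    def code_for_email(self):
        """The value that would be sent to the user's email address."""
        return self._code

    def verify(self, submitted):
        """Return 'ok', 'retry', 'disabled' or 'spent'."""
        if self.disabled:
            return "disabled"
        if self.spent:
            return "spent"
        # Constant-time comparison avoids leaking matching prefixes via timing.
        if hmac.compare_digest(submitted.encode(), self._code.encode()):
            self.spent = True
            return "ok"
        self.failed += 1
        if self.failed >= MAX_ATTEMPTS:
            # Even the correct code is refused from here on.
            self.disabled = True
            return "disabled"
        return "retry"


def guess_success_probability(attempts=MAX_ATTEMPTS):
    """Chance that blind guessing hits the code before lockout."""
    return attempts / 10 ** CODE_DIGITS
```

With three attempts against a uniformly random six-digit code, blind guessing succeeds with probability 3 in 1,000,000 per challenge, which is why the lockout has to apply to the account rather than be reset by requesting a fresh code.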
How Does it Work?
Following a typical login flow, users would generally input their login information or quickly verify their identity through humanID’s login. However, if the user is unable to log in through traditional methods, they can opt for humanID’s account recovery option. By clicking humanID’s account recovery button, users can log in with their phone number, email, and verification code.
With just a bit of setup, users can regain account access with their phones.
One common, secure way to keep bots away is to add CAPTCHA. The humanID account recovery option is bot-resistant and includes CAPTCHA. humanID will ask users to verify their identity in order to continue recovering the account. To verify, users will click the “I’m not a robot” option. After that, the verification is complete. Users will receive an email with instructions on how to gain access to their lost account.
Users: Setting Up Your Account Recovery Option
Setting up the account recovery option is relatively easy. By choosing humanID to log in and choosing the account recovery option, users can begin account setup. After users enter their email, we prompt them for the randomly generated verification code sent to that address. After users verify their identity with this code, the account recovery option is enabled. With just a verification code, their humanID-registered phone number, and their email, users can regain access to their accounts.
Developers: Setting Up the Account Recovery Option
If you’d like to integrate humanID’s account recovery option, follow this handy guide to setting it up! humanID’s Account Recovery Option Integration Guide.