And the process is simple: the attacker enters the email address for any online account they wish to access, presses the "Forgot your password?" tab, then returns to the email inbox and opens the email to reset the account password.
Facebook is tackling the security issue head-on with a new tool that enables users to add an extra layer of security when they want to recover a password, so that having access to the email account is no longer enough.
It follows the same security concept as Facebook's effort to develop technology that will make passwords utterly unnecessary, adding extra security layers to the login process and making it harder for an intruder with just the password to get access to a user's account.
The tool relies on users' identities and the services they trust, regardless of whether they are associated with an email address or a phone number.
It is essentially two-factor authentication for recovering access to an account, and it's required once you've forgotten your password, security questions, or your other login methods.
For now, however, users will have to wait for their favorite web services to implement it before they can begin to use the tool, as Facebook has released it as an open-source protocol that any online service can use to prove users are who they say they are with their Facebook account.