»

Facebook Users' Passwords Stored in a Readable Format - Secure Your Account

 +
Facebook Users' Passwords  Stored in a Readable Format - Secure Your Account

Would you share this Article with others?

As part of a routine security review in January, Facebook found that some user passwords were being stored in a readable format within Facebook internal data storage systems. This caught Facebook attention because Facebook login systems are designed to mask passwords using techniques that make them unreadable. Facebook have fixed these issues and as a precaution, Facebook will be notifying everyone whose passwords Facebook have found were stored in this way. To be clear, these passwords were never visible to anyone outside of Facebook and Facebook have found no evidence to date that anyone internally abused or improperly accessed them. Facebook estimate that Facebook will notify hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users. Facebook Lite is a version of Facebook predominantly used by people in regions with lower connectivity.

In the course of Facebook review, Facebook has been looking at the ways Facebook store certain other categories of information — like access tokens — and have fixed problems as we’ve discovered them. There is nothing more important to Facebook than protecting people’s information, and Facebook will continue making improvements as part of Facebook ongoing security efforts at Facebook.

How Facebook Protect People’s Passwords

In line with security best practices, Facebook masks people’s passwords when they create an account so that no one at the company can see them. In security terms, Facebook “hash” and “salt” the passwords, including using a function called “scrypt” as well as a cryptographic key that lets Facebook irreversibly replace your actual password with a random set of characters. With this technique, Facebook can validate that a person is logging in with the correct password without actually having to store the password in plain text.

Because Facebook knows that people may share, reuse or have their passwords stolen, we’ve built security measures to help protect people’s accounts:

We use a variety of signals to detect suspicious activity. For example, even if a password is entered correctly, Facebook will treat it differently if Facebook detects that it is being entered from an unrecognized device or from an unusual location. When Facebook see a suspicious login attempt, we’ll ask an additional verification question to prove that the person is the real account owner.

People can also sign up to receive alerts about unrecognized logins.

Knowing some people reuse passwords across different services, Facebook keeps a close eye on data breach announcements from other organizations and publicly posted databases of stolen credentials. Facebook check if stolen email and password combinations match the same credentials being used on Facebook. If Facebook finds a match, we’ll notify you next time you login and guide you through changing your password.

To minimize the reliance on passwords, Facebook introduced the ability to register a physical security key to your account, so the next time you log in you’ll simply tap a small hardware device that goes in the USB drive of your computer. This measure is particularly critical for high-risk users including journalists, activists, political campaigns and public figures.

Securing Your Account

While no passwords were exposed externally and Facebook didn’t find any evidence of abuse to date, here are some steps you can take to keep your account secure:

You can change your password in your settings on Facebook and Instagram. Avoid reusing passwords across different services.

Pick strong and complex passwords for all your accounts. Password manager apps can help.

Consider enabling a security key or two-factor authentication to protect your Facebook account using codes from a third party authentication app. When you log in with your password, Facebook will ask for a security code or to tap your security key to verify that it is you.

For more information on how to keep your Facebook account secure, please visit facebook.com/about/security.

Note: Some of the names, addresses, email addresses, telephone numbers or other information in samples on this website may have been impersonated or spoofed.

Please share what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com

Also, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent.

If you want to quickly find answers to your questions, use our search engine.

You can help maintain Online Threat Alerts (OTA) by paying a service fee. Click here to make payment.

Comments, Questions, Answers, or Reviews
There are no comments as yet, please leave one below or revisit.

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews.

Write Your Comment, Question, Answer, or Review
Write your comment, question, answer, or review in the box below to share what you know or to get answers. NB: We will use your IP address to display your approximate location to other users.
Your comment, question, answer, or review will be posted as an anonymous user because you are not signed in. Anonymous posts cannot be edited or deleted. Sign-in.

Facebook Users' Passwords Stored in a Readable Format - Secure Your Account