Facebook Users' Passwords Stored in a Readable Format - Secure Your Account
Would you share this Article with others?
In the course of Facebook review, Facebook has been looking at the ways Facebook store certain other categories of information — like access tokens — and have fixed problems as we’ve discovered them. There is nothing more important to Facebook than protecting people’s information, and Facebook will continue making improvements as part of Facebook ongoing security efforts at Facebook.
How Facebook Protect People’s Passwords
In line with security best practices, Facebook masks people’s passwords when they create an account so that no one at the company can see them. In security terms, Facebook “hash” and “salt” the passwords, including using a function called “scrypt” as well as a cryptographic key that lets Facebook irreversibly replace your actual password with a random set of characters. With this technique, Facebook can validate that a person is logging in with the correct password without actually having to store the password in plain text.
Because Facebook knows that people may share, reuse or have their passwords stolen, we’ve built security measures to help protect people’s accounts:
We use a variety of signals to detect suspicious activity. For example, even if a password is entered correctly, Facebook will treat it differently if Facebook detects that it is being entered from an unrecognized device or from an unusual location. When Facebook see a suspicious login attempt, we’ll ask an additional verification question to prove that the person is the real account owner.
People can also sign up to receive alerts about unrecognized logins.
Knowing some people reuse passwords across different services, Facebook keeps a close eye on data breach announcements from other organizations and publicly posted databases of stolen credentials. Facebook check if stolen email and password combinations match the same credentials being used on Facebook. If Facebook finds a match, we’ll notify you next time you login and guide you through changing your password.
To minimize the reliance on passwords, Facebook introduced the ability to register a physical security key to your account, so the next time you log in you’ll simply tap a small hardware device that goes in the USB drive of your computer. This measure is particularly critical for high-risk users including journalists, activists, political campaigns and public figures.
Securing Your Account
While no passwords were exposed externally and Facebook didn’t find any evidence of abuse to date, here are some steps you can take to keep your account secure:
You can change your password in your settings on Facebook and Instagram. Avoid reusing passwords across different services.
Pick strong and complex passwords for all your accounts. Password manager apps can help.
Consider enabling a security key or two-factor authentication to protect your Facebook account using codes from a third party authentication app. When you log in with your password, Facebook will ask for a security code or to tap your security key to verify that it is you.
For more information on how to keep your Facebook account secure, please visit facebook.com/about/security.
Note: Some of the names, addresses, email addresses, telephone numbers or other information in samples on this website may have been impersonated or spoofed.
Please share what you know or ask a question about this article by leaving a comment below. Check the comment section below for additional information, if there is any. Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: email@example.com. And, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent. Also, to quickly find answers to your questions, use our search engine.
You can help maintain Online Threat Alerts (OTA) by paying a service fee. Click here to make payment.
Comments, Questions, Answers, or Reviews
To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews. Also, remember to keep comments, reviews, answers respectful.
Write Your Comment, Question, Answer, or Review
Write your comment, question, answer, or review in the box below to share what you know or to get answers. NB: We will use your IP address to display your approximate location to other users.