Facebook explains how it protects user passwords in light of data breaches

As with everything from the back-end infrastructure for the Open Graph to the construction of data centers around the globe, Facebook's preventative measures and protocols have been made from scratch in-house.

Big box retailers are being struck by security breaches left and right, and increasingly high-profile tech brands like Adobe and Dropbox are finding themselves being targeted.

Facebook, with more than 1.32 billion users and counting, would easily make for a golden goose for hackers. Naturally, the world's largest social network asserts that it is vigilant against these threats.

As with everything from the back-end infrastructure for the Open Graph to the construction of data centers around the globe, Facebook's preventative measures and protocols have been made from scratch in-house.

Facebook security engineer Chris Long explained in a blog post on Friday how the Menlo Park, Calif.-headquartered company protects people's passwords -- and by extension, all the account data locked away behind those passwords.

This process involves heavy-duty monitoring, ranging from where many of us start (reports of large-scale data breaches) to actively scanning public postings by attackers selling (or even just flaunting) stolen account information. From there, Facebook's security team pools the posted stolen credentials and checks whether the stolen email and password combinations match emails and passwords used on Facebook.

However, Long promised that because this is "a completely automated process," Facebook developers neither uncover nor store actual Facebook passwords in "an unhashed form," or plain text.

He continued:

To check for matches, we take the email address and password and run them through the same code that we use to check your password at login time. If we find a match, we'll notify you the next time you log in and guide you through a process to change your password.
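A minimal sketch of the matching step Long describes, added here as an illustration and not Facebook's code: leaked email and password pairs are run through the same verification function used at login, so only salted hashes are ever stored or compared. PBKDF2, the `AccountStore` class, the lower-casing of emails and the sample accounts are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor


def hash_password(password, salt):
    # Stand-in hash (PBKDF2-HMAC-SHA256); the article does not name Facebook's.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AccountStore:
    """Keeps only (salt, hash) per email, never a plaintext password."""

    def __init__(self):
        self._records = {}
        self.flagged = set()  # accounts to walk through a password change

    def register(self, email, password):
        salt = os.urandom(16)
        self._records[email.lower()] = (salt, hash_password(password, salt))

    def verify(self, email, password):
        """Login-time check; the breach scan below reuses it unchanged."""
        salt, stored = self._records.get(email.lower(), (None, None))
        if salt is None:
            return False
        return hmac.compare_digest(stored, hash_password(password, salt))

    def scan_dump(self, leaked_pairs):
        """Flag accounts whose leaked (email, password) pair passes verify()."""
        for email, password in leaked_pairs:
            if self.verify(email, password):
                self.flagged.add(email.lower())
        return self.flagged


def demo():
    store = AccountStore()
    store.register("alice@example.com", "correct horse battery")  # constructed
    store.register("bob@example.com", "hunter2")                  # constructed
    dump = [("BOB@example.com", "hunter2"),      # reused password: match
            ("alice@example.com", "letmein"),    # different password: no match
            ("carol@example.com", "password1")]  # no such account
    store.scan_dump(dump)
    return store


if __name__ == "__main__":
    print(sorted(demo().flagged))
```

Only the account whose leaked pair passes the login check is flagged; the leaked plaintext is used once for the comparison and never written to the store.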

But there's only so much Facebook itself can do. Long reminded users that they can (and need to) take a number of precautions to protect themselves.

An increasingly popular option being implemented not only by Facebook but also the likes of Google, PayPal and Twitter, among others, is two-factor authentication.

The method adds an extra layer of security, requiring the entry of a security code (usually delivered via SMS) after entering one's password when logging in from a new browser. Long also touted using Facebook Login, the social network's version of a single sign-on solution for automatic entry across numerous sites online.

There are benefits and pitfalls to this route, depending on your views. On the one hand, it does grant Facebook much more access to one's data, with which not all users are comfortable.

But it does also reduce the number of usernames and passwords that one is required to remember, an increasingly frustrating and debated problem driving many to call for the "death of the password." Facebook also asserts that with Facebook Login, even if the website you are logging into becomes compromised, the attacker won't be able to obtain passwords.

Nevertheless, placing trust in Facebook Login also depends upon the strength and reliability of all of Facebook's aforementioned security measures.
