It seems the Facebook is now busy looking for user stolen passwords. The social network revealed their latest plans on Friday, claiming they built a system that will search sites for stolen credentials and will match the data with records of its own. This seems to be the way in which stolen passwords will be recovered.
Chris Long, the Security Engineer of the social media giant, claimed in his post: “This is a completely automated process that doesn’t require us to know or store your actual Facebook password in an unhashed form.” If the system will find out a matching password, users will get a notification. However, Chris Long advises all users to not use the same password on every website they access.
After the Dropbox scandal, big companies realized that they don’t need to be hacked, to be compromised. Dropbox declared that the stolen username-password combinations had actually been stolen from other websites or devices and had also been swiped from Dropbox. So, this means that due to duplicated passwords, securing the company’s servers isn’t enough to keep users passwords out of the hands of hackers. This is why Facebook declared that in the past few months they have tried to find anonymous posting sites, such as Pastebin, for proactively trying out passwords to find which ones match to Facebook accounts.
The social media company hopes that by creating this system they will find the duplicate passwords before any criminals do. Just to be clear, if you use the same password on lots of websites, hackers only have to find out one password to be able to access all your accounts. As long as you keep using the same password on your websites, Facebook will try to find a way to protect it.
Many experts are very glad to see this move coming from the social media giant. However, there are some ways to protect your password. One of these ways is to use Facebook Login when you sign into other websites. You don’t need to create a password or username, and the service won’t be able to post, unless you let it. You may also Enable Login Approvals, an authentication solution for you to add an extra layer of security to your account. This means that you will enter a security code from your phone when you will log in from a new browser.