Facebook buys black market passwords to protect you
The safety of user accounts is a primary concern for any website, and Facebook is no different. To keep its users' accounts safe, the social networking giant is buying passwords that hackers sell on the black market.
According to Facebook’s Chief Security Officer Alex Stamos, the company will cross-reference the purchased black market passwords with encrypted passwords used on the site. This practice has kept the users’ accounts safe from breaches.
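The cross-referencing described above can be sketched as follows. This is an added example, not Facebook's code: it assumes the stored passwords are salted PBKDF2 hashes and the purchased dump is `login:password` text (the article says only "encrypted"), and every name and sample value is constructed.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor, chosen for this sketch

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for the site's stored form."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def normalize(login: str) -> str:
    """Dump entries vary in case and whitespace; account keys here do not."""
    return login.strip().lower()

def find_exposed_accounts(user_db: dict, dump_lines: list) -> list:
    """Return logins whose current password sits beside them in the dump.

    Each stored hash has its own salt, so the dump cannot be hashed once and
    joined against the table: every candidate is re-hashed with the salt of
    the one account it names, then compared in constant time.
    """
    exposed = set()
    for line in dump_lines:
        login, sep, candidate = line.rstrip("\r\n").partition(":")
        if not sep or not candidate:
            continue  # malformed entry, nothing to test
        record = user_db.get(normalize(login))
        if record is None:
            continue  # login does not belong to one of our users
        salt, stored = record
        if hmac.compare_digest(hash_password(candidate, salt), stored):
            exposed.add(normalize(login))
    return sorted(exposed)

# Constructed sample data: three accounts (fixed salts) and a small dump.
USER_DB = {
    "alice@example.com": (b"\x01" * 16, hash_password("123456", b"\x01" * 16)),
    "bob@example.com": (b"\x02" * 16, hash_password("correct horse", b"\x02" * 16)),
    "carol@example.com": (b"\x03" * 16, hash_password("tr0ub4dor:3", b"\x03" * 16)),
}
DUMP = [
    "Alice@Example.com:123456\n",       # reused password, login cased differently
    "bob@example.com:123456\n",         # known user, but the password differs
    "carol@example.com:tr0ub4dor:3\n",  # the password itself contains ':'
    "mallory@example.net:letmein\n",    # not a user of this site
    "line with no separator\n",         # malformed
]

if __name__ == "__main__":
    for login in find_exposed_accounts(USER_DB, DUMP):
        print("require password reset:", login)
```

Accounts returned here are the ones to push through a password reset.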
Speaking at the Web Summit 2016 technology conference in Lisbon, Portugal, Stamos said that more than 1.3 billion people use Facebook every day.
“Keeping Facebook safe and keeping it secure are two different things. Security is about building walls to keep out threats and shore up defences.” However, according to Stamos, safety is bigger than that. “It turns out that we can build perfectly secure software and yet people can still get hurt,” he added.
The security chief was quoted by CNET as saying, “The reuse of passwords is the No. 1 cause of harm on the internet.”
When passwords are stolen en masse and traded on the black market, it becomes obvious just how many of them are the same — “123456” and its following numerical comrades are the main culprits. If anyone is using one of these passwords, this automatically makes his/her account vulnerable. This is something Facebook is keen to help you avoid.
Stamos said Facebook is employing a safety-orientated building culture in order to prevent vulnerabilities and bugs from being abused.
“Usernames and passwords are an idea that comes out of 1970s mainframe architectures,” said Stamos. “They were not built for 2016.”
Facebook provides a lot of tools for users to safeguard their accounts, ranging from traditional two-factor authentication to recognizing faces of friends. However, this is only part of the solution when it comes to keeping people safe, says Stamos.
“Even though we provide these options, it is our responsibility to think about those people that choose not to use them,” he said.
In order to identify when a login attempt could be fraudulent, Facebook is using Social Graph algorithms with a small subgroup of users’ data.
Another option Facebook wants people to use is allowing their close friends to verify an account-recovery request on their behalf in the event the user’s account is hacked into.