While most of us are still too lazy to create a new password for every website, Facebook has apparently been proactively searching the Internet for password dumps that could match a user's password on the social network. This week Dropbox took a minor blow when a post on Reddit made the rounds offering Dropbox account IDs and passwords in exchange for Bitcoin donations. The incident was one of many in which the weak link had nothing to do with the service itself. Even when the big networking, mail and storage services do their best to keep their servers secure, the breach often happens at the user's end, through a password reused on some other, less secure site.
Latest Facebook security measure:
Because plenty of users still don't take the consequences of reusing passwords across websites seriously, incidents like the Dropbox one keep happening, whatever their scale. To blunt the damage when a service is compromised through a password dump, Facebook announced a new approach today. Facebook's security team actively trawls the Internet, in particular the anonymous paste sites, for leaked email/password pairs. The leaked pairs are then checked against Facebook's own accounts, and on a hit the account's password is automatically reset and the user is notified. On the privacy side of this trial-and-error matching, Facebook assures that it is a "completely automated process that doesn't require us to know or store your actual Facebook password in an unhashed form. In other words, no one here has your plain text password."
Facebook's reasoning is that when a reused password turns up in one of these dumps, the company will learn about it, and reset it, before criminals get around to trying it on Facebook, which protects the user. Facebook does warn that reusing passwords undermines users' own security, but it still tries to make Facebook accounts as hard to take over as it can.
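The following is an added example, not Facebook's code, that shows how such a check can work without ever storing plaintext: the password store holds only salted hashes, each leaked email/password pair from a dump is hashed with that user's salt and compared in constant time, and every hit gets a forced reset plus a notification. The dump text, the email addresses, the PBKDF2-HMAC-SHA256 hashing and the notify callback are all stand-ins constructed for this demonstration.

```python
"""Added example: checking a leaked credential dump against a hashed password
store, the way a service can detect password reuse without holding plaintext.
Illustrative code only; the hashing scheme and all data are stand-ins."""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass

ITERATIONS = 50_000  # assumption: stand-in for whatever slow hash a real service uses


@dataclass
class Record:
    salt: bytes
    pw_hash: bytes
    must_reset: bool = False   # set after a hit; login is refused until the user resets


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(store: dict, email: str, password: str) -> None:
    salt = os.urandom(16)
    store[email.lower()] = Record(salt, hash_password(password, salt))


# Constructed sample dump in the usual "email:password" paste format, with noise lines.
SAMPLE_DUMP = """\
# some_service_leak_part1.txt  (constructed sample, not real data)
alice@example.com:hunter2
bob@example.com:correct horse battery staple
carol@example.com:Tr0ub4dor&3
not a credential line
dave@example.com:hunter2
"""

LINE_RE = re.compile(r"^([^\s:]+@[^\s:]+):(.+)$")


def parse_dump(text: str) -> list[tuple[str, str]]:
    """Extract (email, password) pairs; skip comments and lines that don't fit the format."""
    creds = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m:
            creds.append((m.group(1).lower(), m.group(2)))
    return creds


def find_reused(store: dict, dump_text: str) -> list[str]:
    """Emails whose leaked password matches their stored hash.

    The leaked plaintext is run through the same hash used at login, with the
    user's own salt, and compared in constant time. Nothing is decrypted and the
    stored record never reveals the password."""
    hits = []
    for email, leaked_pw in parse_dump(dump_text):
        rec = store.get(email)
        if rec is None or rec.must_reset:     # not our user, or already handled
            continue
        if hmac.compare_digest(hash_password(leaked_pw, rec.salt), rec.pw_hash):
            hits.append(email)
    return hits


def remediate(store: dict, hits: list[str], notify) -> None:
    """Force a reset and tell the user why; notify is an assumed callback."""
    for email in hits:
        store[email].must_reset = True
        notify(email)


def verify_login(store: dict, email: str, password: str) -> bool:
    rec = store.get(email.lower())
    if rec is None or rec.must_reset:
        return False
    return hmac.compare_digest(hash_password(password, rec.salt), rec.pw_hash)


def demo() -> dict:
    store: dict = {}
    register(store, "alice@example.com", "hunter2")                 # reused the leaked password
    register(store, "bob@example.com", "a-different-passphrase")    # leaked password differs
    register(store, "dave@example.com", "hunter2")                  # reused as well
    hits = find_reused(store, SAMPLE_DUMP)                          # carol is not a user here
    notified: list[str] = []
    remediate(store, hits, notified.append)
    return {
        "hits": hits,
        "notified": notified,
        "alice_login_still_works": verify_login(store, "alice@example.com", "hunter2"),
        "bob_login_still_works": verify_login(store, "bob@example.com", "a-different-passphrase"),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the constant-time comparison and of hashing with the user's own salt is that the check is exactly the login check: the service learns only whether a given leaked password is correct, never what any other user's password is, which is what the "no one here has your plain text password" assurance amounts to in practice.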
The problem of password reuse on multiple websites is endemic and well documented. The risks are also clear: if you use the same password on lots of websites, an attacker only has to get your password once to be able to access all of those accounts. Managing many different passwords can be daunting, but picking a good password manager that you trust can make the process much easier.
- Chris Long, Facebook Security Engineer, in the Facebook Security note

Once again: create a new password for every website you sign up for, and use a password manager to generate strong passwords and remember them for you.