Facebook Chief Security Officer Alex Stamos revealed that the company buys passwords that hackers sell on the black market. He added that the company cross-references the stolen passwords with the encrypted passwords on its platform to make sure that users are not using them for their accounts.
“Keeping FB safe and keeping it secure are two different things. Security is about building walls to keep out threats and shore up defences, but safety is bigger than that. It turns out that we can build perfectly secure software and yet people can still get hurt,” Stamos said at the Web Summit in Lisbon. He also added that reusing the same password across different platforms is the primary cause of harm on the Internet.
It was also found that the stolen passwords were quite similar. For example, passwords like “123456” are weak, and users who choose such passwords leave their accounts prone to security threats.
Stamos stated that although the process is “computationally heavy” and time-consuming, it ensures that users are alerted that their passwords are not strong enough. As we all know, Facebook is one of the most secure social apps on the Internet and employs a variety of tools to ensure maximum security, ranging from two-factor authentication to identification of friends’ faces. The company also uses machine learning algorithms to find out if any activity on your account is fraudulent. Another concept presently being developed is to allow close friends of users to verify an account recovery request in case the account is hacked.
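
The cross-referencing step and its “computationally heavy” cost, as an added sketch that is not Facebook's code: it assumes stored passwords are per-user salted PBKDF2 hashes (the article does not name the scheme), and the account names, passwords and helper functions are constructed for illustration. Because every account has its own salt, each leaked password must be re-hashed once per account before it can be compared.

```python
import hashlib
import hmac
import os

# Constructed value, kept low so the demo runs quickly; real deployments use far more.
ITERATIONS = 1_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash, standing in for whatever the credential store uses (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """Build a stored credential: random per-user salt plus the salted hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def find_exposed_accounts(credential_table: dict, leaked_passwords: list) -> tuple:
    """Return (sorted user ids whose password appears in the dump, hashes computed)."""
    candidates = set(leaked_passwords)  # a dump usually repeats the same weak passwords
    flagged, hashes_computed = [], 0
    for user_id, record in credential_table.items():
        for candidate in candidates:
            hashes_computed += 1
            digest = hash_password(candidate, record["salt"])
            # Constant-time comparison of the recomputed hash with the stored one.
            if hmac.compare_digest(digest, record["hash"]):
                flagged.append(user_id)  # this user should be told to change password
                break
    return sorted(flagged), hashes_computed


# Constructed sample data: four accounts and a small leaked-password dump.
CREDENTIAL_TABLE = {
    "alice": make_record("123456"),
    "bob": make_record("T7#correct-horse-battery"),
    "carol": make_record("password"),
    "dave": make_record("x9!Lq2vZ-unique"),
}
LEAKED_PASSWORDS = ["123456", "password", "qwerty", "123456"]

if __name__ == "__main__":
    exposed, cost = find_exposed_accounts(CREDENTIAL_TABLE, LEAKED_PASSWORDS)
    print("accounts to alert:", exposed)
    print("hash computations:", cost, "for", len(CREDENTIAL_TABLE), "accounts")
```

The work grows with accounts multiplied by unique leaked passwords, since a salted hash cannot be looked up in a precomputed table.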