Facebook has come to the realization that securing a server just isn’t enough to keep passwords out of the hands of cyber criminals anymore, which is why the company is approaching security a little differently. Facebook has announced that for the past few months, they’ve been searching anonymous posting sites like Pastebin and the dark web for leaked passwords and pro-actively trying to login to accounts to check if the password is legitimate.
As we saw earlier this week with Dropbox, or last month with iCloud, just securing a server isn’t enough to keep passwords out of the hands of cyber criminals. Plenty of site users can fall victim to phishing scams amongst other methods of obtaining passwords.
If Facebook can confirm that a working password is up for grabs on the net, then the user will be notified and their password will be automatically reset. The obvious hope here is that if a password makes its way on to the dark web, Facebook will find it before more criminals do.
The core of the problem is password recycling as if you use the same password across many sites, a hacker only needs to find your password once to have access to many accounts.
You can read more about Facebook’s new Password protection measurements, HERE.
Discuss on our Facebook page, HERE.
KitGuru Says: It’s not necessarily Facebook’s fault if someone manages to steal your password outside of the company’s own database, so it’s good to see that the social network’s security team is taking a pro-active approach to keeping accounts safe from cyber criminals.