Facebook Chief Security Officer Alex Stamos has revealed that the company buys password dumps that hackers sell on the black market. He added that the company cross-references the leaked passwords against the hashed passwords stored on the platform, so that Facebook users who are reusing a leaked password can be found and warned. (Stored passwords are hashed, not encrypted: the check works by re-hashing each leaked candidate with each user's salt and comparing, not by decrypting anything.)
Speaking at the Web Summit in Lisbon, Stamos stated that "keeping Facebook safe and keeping it secure are two different things." "Security is about building walls to keep out threats and shore up defences," but safety is bigger than that, said Stamos. "It turns out that we can build perfectly secure software and yet people can still get hurt," he observed.
"Usernames and passwords are an idea that came out of 1970s mainframe architectures ... they were not built for 2016," said Stamos. "The reuse of passwords is the No. 1 cause of harm on the internet," the CSO noted.
Many of the passwords in these dumps are the same few weak strings. Sequential-number passwords such as "123456" are especially common and especially weak, and a password that appears in a public dump is effectively known to every attacker. A user who reuses such a password across sites is exposed as soon as any one of those sites is breached, because attackers routinely replay leaked username and password pairs against other services.
Stamos stated that although the process is "computationally heavy" and time consuming, it ensures that Facebook users are alerted when a password they use turns up in a leaked dump. Facebook employs a variety of tools and methods to protect accounts, ranging from two-factor authentication to asking users to identify the faces of their friends. The company also applies machine learning algorithms to determine whether activity on an account is fraudulent. Another concept presently being developed is to allow close friends of a user to verify an account recovery request, in case the account is hijacked.
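The following is an added illustration of why the cross-check described above is expensive; it is example code written for this article, not Facebook's implementation, and the credential table, the password dump and the work factor are all constructed for the demo. Because each user's password is stored as a salted hash, a leaked plaintext cannot be hashed once and looked up in a table. It has to be re-derived under every user's salt, so the cost grows with the number of users multiplied by the size of the dump, and each derivation is deliberately slow.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Illustrative work factor only. A real deployment uses a slow, memory-hard
# KDF (bcrypt, scrypt, Argon2) with a much higher cost parameter, which makes
# the cross-check proportionally more expensive.
ITERATIONS = 20_000


@dataclass(frozen=True)
class StoredCredential:
    """One row of a hypothetical credential table: salt plus hash, never plaintext."""
    user_id: str
    salt: bytes
    pw_hash: bytes


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored hash for a password under a given per-user salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def store_credential(user_id: str, password: str) -> StoredCredential:
    """Create a credential row with a fresh random salt (what registration does)."""
    salt = os.urandom(16)
    return StoredCredential(user_id, salt, hash_password(password, salt))


def find_reused_passwords(
    leaked: list[str], stored: list[StoredCredential]
) -> tuple[list[str], int]:
    """Return (user ids whose password appears in the dump, KDF evaluations done).

    The per-user salt forces a separate KDF evaluation for every (user, leaked
    password) pair until a match is found, which is the O(users x dump) cost
    the article calls "computationally heavy".
    """
    flagged: list[str] = []
    work = 0
    for cred in stored:
        for candidate in leaked:
            work += 1
            # Constant-time comparison of the derived hash against the stored one.
            if hmac.compare_digest(hash_password(candidate, cred.salt), cred.pw_hash):
                flagged.append(cred.user_id)
                break  # one hit is enough to alert this user; skip the rest
    return flagged, work


def demo() -> tuple[list[str], int]:
    """Run the check over constructed sample data (not a real dump or real accounts)."""
    leaked_dump = ["123456", "password1", "hunter2"]
    users = [
        store_credential("alice", "123456"),              # reused a leaked password
        store_credential("bob", "Tr0ub4dor&3-unique"),    # not in the dump
        store_credential("carol", "password1"),           # reused a leaked password
    ]
    return find_reused_passwords(leaked_dump, users)


if __name__ == "__main__":
    flagged, work = demo()
    print(f"users to alert: {flagged}; KDF evaluations performed: {work}")
```

On the constructed data the check flags alice and carol and performs six KDF evaluations for three users and three leaked passwords: alice matches on the first candidate, bob costs a full three misses, and carol matches on the second. Scale that to hundreds of millions of users and dumps of hundreds of millions of entries and the multiplication is the whole story; the usual mitigations are to run the comparison at login time, when the plaintext is briefly available and only one user's salt is involved, or to batch the job offline as the article describes.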
"Even though we provide these options, it is our responsibility to think about those people that choose not to use them," Stamos concluded.