Facebook stores millions of passwords in plain text, what should you do?

Facebook is on a streak of bad luck: just a few days ago, it was revealed that the social media giant has been storing millions of passwords in a plain text file, when they should have been encrypted and scrambled.

While we do not yet understand the full extent of the unnecessary logging of our passwords, the British security software and hardware company Sophos advised that we should change our passwords. Because, why not?

Paul Ducklin, Senior Technologist at Sophos, said:

It’s perfectly possible that no passwords at all fell into the hands of any crooks as a result of this. But if any passwords did get into the wrong hands (and you can bet your boots that the crooks are trawling through any old data they might have right now, to see if there is anything they missed before), then you can expect them to be abused. Hashed passwords still need to be cracked before they can be used; plaintext passwords are the real deal without any further hacking or cracking needed. So our advice is: change your password now.

But changing your password is not enough on its own to prevent your account from being hacked. Many platforms, including Facebook, now offer two-factor authentication (2FA) as an additional layer of protection to reduce the possibility of a cyber attack on their users’ accounts. Sadly, not many people use 2FA, citing confidence in their passwords. But really, you should.

“We’ve been urging you to use two-factor authentication everywhere you can anyway – it means that a password alone isn’t enough to prevent crooks from raiding your account,” said Paul.

“If you are reluctant to give Facebook your phone number, use app-based authentication, where your mobile phone generates a one-time code each time you log in,” he added.

To change or not to change? It’s up to you. But consider this: you put almost every moment of your life on Facebook, so why not protect it and keep it safe?


