One of the most devastating facet of data breaches involving passwords is that it’s not only one online account that will be compromised, say an email account, but most of the time our social media, bank and other Internet accounts as well. Now Facebook wants, at the very least, to alleviate your fears of hacking by monitoring websites through which hackers sell stolen passwords.
Facebook’s efforts of notifying users when their passwords have been stolen started last year amid the hacking of several Adobe accounts, albeit only in low profile. The social media will then determine if any of the stolen passwords it finds matches any one of the passwords used on its website. Facebook will then disable a compromised password and inform the user of the unfortunate compromise.
The social media giant assures users that it would never store passwords in their text forms, instead the sensitive data will be checked in a hash representation, which will help Facebook match stolen passwords with any of the passwords used by its over one billion users. That means the monitoring process is done in an encrypted form of the password.
But Zuckerberg & Company advises users to implement the same password that they use on Facebook in all other websites that they have signed up for. I think that it is an ill advise if only because contradictory to best practices online. While the company’s intentions are good, there remains the downside of it.
Even if you will be notified when that common password is stolen, hackers work at the speed almost of light, meaning that you might not be able to catch up with their operations at enough timing so as to save your other accounts from being compromised as well as your Facebook account.
There is also the trust issue. Facebook wants users to entrust their sensitive data to the social media giant, which has a shoddy privacy history. We’ve seen so many reports of covert tracking by Facebook in the past, and that alone is enough to discourage users from believing Facebook won’t snoop on their private information.
But that is not to say that there are no benefits from this initiative by Facebook. Alerting users of a compromise involving their confidential data will help to raise awareness among users and do the necessary actions. Just be sure to bolster your Facebook login security if you intend to implement it as your core login detail for all your online accounts.