Bitcoin Forum

Other => Beginners & Help => Topic started by: Raoul Duke on May 03, 2012, 10:36:26 AM



Title: Your Facebook Account has Three Passwords - WTF?
Post by: Raoul Duke on May 03, 2012, 10:36:26 AM
So, as seen here: http://www.labnol.org/internet/facebook-account-passwords/21241/ your Facebook account has 3 passwords.

Read the article first and then come back to comment on this...

I wonder what kind of salting and hashing they are using... 3 hashes for each password, or no salting/hashing at all and they just see your Facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?

Facebook is funny :P


Title: Re: Your Facebook Account has Three Passwords - WTF?
Post by: pieppiep on May 03, 2012, 12:25:38 PM
Confirmed :)

Weird.
I understand the complete case switch for when caps lock is on. But why would you just switch the case of the first character?


Title: Re: Your Facebook Account has Three Passwords - WTF?
Post by: ingrownpocket on May 03, 2012, 12:46:38 PM
Confirmed :)

Weird.
I understand the complete case switch for when caps lock is on. But why would you just switch the case of the first character?

We accept three forms of the user’s password to help overcome the most common reasons that authentic logins are rejected. In addition to the original password, we also accept the password if a user inadvertently has caps lock enabled or their mobile device automatically capitalizes the first character of the password.


Title: Re: Your Facebook Account has Three Passwords - WTF?
Post by: Valalvax on May 03, 2012, 05:27:41 PM
Basically, an extremely minor reduction in your security to drastically lower tech support tickets...


Title: Re: Your Facebook Account has Three Passwords - WTF?
Post by: dpifke on May 03, 2012, 10:13:06 PM
I wonder what kind of salting and hashing they are using... 3 hashes for each password, or no salting/hashing at all and they just see your Facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?

Most big sites use either bcrypt or PBKDF2 for password hashing.  The latter because it's standards-based, the former because it's designed to be difficult to implement in hardware and thus slow to crack.







Title: Re: Your Facebook Account has Three Passwords - WTF?
Post by: Raoul Duke on May 03, 2012, 10:42:45 PM
I wonder what kind of salting and hashing they are using... 3 hashes for each password, or no salting/hashing at all and they just see your Facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?

Most big sites use either bcrypt or PBKDF2 for password hashing.  The latter because it's standards-based, the former because it's designed to be difficult to implement in hardware and thus slow to crack.

Yes, but my real doubt is if they are really storing 3 hashes for each password or just storing them in plain text... ;)