Your Facebook Account has Three Passwords

Raoul Duke (OP)

aka psy
Legendary

Offline

Activity: 1358
Merit: 1002

Your Facebook Account has Three Passwords - WTF?

May 03, 2012, 10:36:26 AM

So, as seen here: http://www.labnol.org/internet/facebook-account-passwords/21241/ your facebook account has 3 passwords.

Read the article first and then come back to comment on this...

I wonder what kind of salting and hashing are they using... 3 hashes for each password, or no salting/hashing at all and they just see your facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?

Facebook is funny Tongue

1715500387

Hero Member

Offline

Posts: 1715500387

Ignore

1715500387

1715500387


	Report to moderator

If you see garbage posts (off-topic, trolling, spam, no point, etc.), use the "report to moderator" links. All reports are investigated, though you will rarely be contacted about your reports.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.

1715500387

Hero Member

Offline

Posts: 1715500387

Ignore

1715500387


	Report to moderator

1715500387

Hero Member

Offline

Posts: 1715500387

Ignore

1715500387


	Report to moderator

1715500387

Hero Member

Offline

Posts: 1715500387

Ignore

1715500387


	Report to moderator

pieppiep

Hero Member

Offline

Activity: 1596
Merit: 502

Re: Your Facebook Account has Three Passwords - WTF?

May 03, 2012, 12:25:38 PM

Confirmed

Weird.
I understand the complete case switch for when the capslock is on. But why would you just switch the case of the first character?

ingrownpocket

Legendary

Offline

Activity: 952
Merit: 1000

Re: Your Facebook Account has Three Passwords - WTF?

May 03, 2012, 12:46:38 PM

Quote from: pieppiep on May 03, 2012, 12:25:38 PM

Confirmed

Weird.
I understand the complete case switch for when the capslock is on. But why would you just switch the case of the first character?

We accept three forms of the user’s password to help overcome the most common reasons that authentic logins are rejected. In addition to the original password, we also accept the password if a user inadvertently has caps lock enabled or their mobile device automatically capitalizes the first character of the password.

Valalvax

Sr. Member

Offline

Activity: 437
Merit: 250

Re: Your Facebook Account has Three Passwords - WTF?

May 03, 2012, 05:27:41 PM

Basically, an extremely minor reduction in your security to drastically lower tech support tickets...

dpifke

Newbie

Offline

Activity: 12
Merit: 0

Re: Your Facebook Account has Three Passwords - WTF?

May 03, 2012, 10:13:06 PM

Quote from: psy on May 03, 2012, 10:36:26 AM

I wonder what kind of salting and hashing are they using... 3 hashes for each password, or no salting/hashing at all and they just see your facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?

Most big sites use either bcrypt or PBKDF2 for password hashing. The latter because it's standards-based, the former because it's designed to be difficult to implement in hardware and thus slow to crack.

Raoul Duke (OP)

aka psy
Legendary

Offline

Activity: 1358
Merit: 1002

Re: Your Facebook Account has Three Passwords - WTF?

May 03, 2012, 10:42:45 PM

Quote from: dpifke on May 03, 2012, 10:13:06 PM

Quote from: psy on May 03, 2012, 10:36:26 AM

Yes, but my real doubt is if they are really storing 3 hashes for each password or just storing them in plain text... Wink

Pages: [1]

Bitcoin Forum > Other > Beginners & Help > Your Facebook Account has Three Passwords - WTF?

« previous topic next topic »