Your Facebook Account has Three Passwords

Raoul Duke (OP)

aka psy
Legendary

Offline

Activity: 1358
Merit: 1002

Your Facebook Account has Three Passwords - WTF?

May 03, 2012, 10:36:26 AM

So, as seen here: http://www.labnol.org/internet/facebook-account-passwords/21241/ your facebook account has 3 passwords.

Read the article first and then come back to comment on this...

I wonder what kind of salting and hashing are they using... 3 hashes for each password, or no salting/hashing at all and they just see your facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?

Facebook is funny Tongue

1713573866

Hero Member

Offline

Posts: 1713573866

Ignore

1713573866

1713573866


	Report to moderator

1713573866

Hero Member

Offline

Posts: 1713573866

Ignore

1713573866


	Report to moderator

1713573866

Hero Member

Offline

Posts: 1713573866

Ignore

1713573866


	Report to moderator

Once a transaction has 6 confirmations, it is extremely unlikely that an attacker without at least 50% of the network's computation power would be able to reverse it.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.

1713573866

Hero Member

Offline

Posts: 1713573866

Ignore

1713573866


	Report to moderator

1713573866

Hero Member

Offline

Posts: 1713573866

Ignore

1713573866


	Report to moderator

pieppiep

Hero Member

Offline

Activity: 1596
Merit: 502

Re: Your Facebook Account has Three Passwords - WTF?

May 03, 2012, 12:25:38 PM

Confirmed

Weird.
I understand the complete case switch for when the capslock is on. But why would you just switch the case of the first character?

ingrownpocket

Legendary

Offline

Activity: 952
Merit: 1000

Re: Your Facebook Account has Three Passwords - WTF?

May 03, 2012, 12:46:38 PM

Quote from: pieppiep on May 03, 2012, 12:25:38 PM

Confirmed

Weird.
I understand the complete case switch for when the capslock is on. But why would you just switch the case of the first character?

We accept three forms of the user’s password to help overcome the most common reasons that authentic logins are rejected. In addition to the original password, we also accept the password if a user inadvertently has caps lock enabled or their mobile device automatically capitalizes the first character of the password.

Valalvax

Sr. Member

Offline

Activity: 437
Merit: 250

Re: Your Facebook Account has Three Passwords - WTF?

May 03, 2012, 05:27:41 PM

Basically, an extremely minor reduction in your security to drastically lower tech support tickets...

dpifke

Newbie

Offline

Activity: 12
Merit: 0

Re: Your Facebook Account has Three Passwords - WTF?

May 03, 2012, 10:13:06 PM

Quote from: psy on May 03, 2012, 10:36:26 AM

I wonder what kind of salting and hashing are they using... 3 hashes for each password, or no salting/hashing at all and they just see your facebook password in plain text, and consequently, for at least 50% of users, all of their other passwords?

Most big sites use either bcrypt or PBKDF2 for password hashing. The latter because it's standards-based, the former because it's designed to be difficult to implement in hardware and thus slow to crack.

Raoul Duke (OP)

aka psy
Legendary

Offline

Activity: 1358
Merit: 1002

Re: Your Facebook Account has Three Passwords - WTF?

May 03, 2012, 10:42:45 PM

Quote from: dpifke on May 03, 2012, 10:13:06 PM

Quote from: psy on May 03, 2012, 10:36:26 AM

Yes, but my real doubt is if they are really storing 3 hashes for each password or just storing them in plain text... Wink

Pages: [1]

Bitcoin Forum > Other > Beginners & Help > Your Facebook Account has Three Passwords - WTF?

« previous topic next topic »