Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
CO-PRESENTED BY
LIVE TV DownloadNews18 App
News18 English
272
nda:
Needmore seats to Win
Needmore seats to Win
upa:
»
3-min read

Worried that Facebook Employees Know Your Password? Here are Some Pro Security Tips

Facebook allowed hundreds of millions of user passwords to be accessible to by its employees for years and Facebook violated fundamental computer-security practices. Now, cybersecurity company Sophos is offering advice on what people can do.

News18.com

Updated:March 22, 2019, 3:08 PM IST
facebookTwittergoogleskypewhatsapp
Worried that Facebook Employees Know Your Password? Here are Some Pro Security Tips
For representational purpose. (Photo: Getty Images)
Loading...
Facebook has said it has fixed a security issue wherein millions of its users' passwords were stored in plain text and "readable" format for years and according to reports, were searchable by thousands of its employees. The report by KrebsOnSecurity claimed on Thursday that around 200-600 million Facebook users may have had their account passwords stored in plain text and searchable by over 20,000 Facebook employees.

Federal prosecutors in the US are now also probing whether top executives of Facebook, already mired in data breaches, were aware of data harvesting by the British political consulting firm Cambridge Analytica. According to a report in The Guardian on Sunday, federal prosecutors' investigation claims that the social media giant has "covered up" the extent of its relationship with Cambridge Analytica.

John Shier, senior security advisor at cybersecurity firm Sophos about how this story ties into all the other recent news of Facebook, saying, “Despite the recent public struggles Facebook has had with respect to privacy and security, this incident is a little different. Authentication data is something that Facebook treats very seriously and has put in place many mechanisms, both externally and internally, to ensure that user credentials are safeguarded. While the details of the incident are still emerging, this is likely an accidental programming error that led to the logging of plain text credentials."

He addede, "That said, this should never have happened and Facebook needs to ensure that no user credentials or data were compromised as a result of this error. This is also another reminder for people who are still reusing passwords or using weak passwords to change their Facebook password to something strong and unique and to turn on 2-factor authentication.”

Paul Ducklin, senior technologist, Sophos, has answers for some of your most pressing enquiries over this latest security threat:

Q. Should I change my Facebook password?
Ducklin: Why not? It's perfectly possible that no passwords at all fell into the hands of any crooks as a result of this. But if any passwords did get into the wrong hands (and you can bet your boots that the crooks are trawling through any old data they might have right now, to see if there is anything they missed before), then you can expect them to be abused. Hashed passwords still need to be cracked before they can be used; plaintext passwords are the real deal without any further hacking or cracking needed. So our advice is: change your password now.

Q. Should I turn on two-factor authentication?
Ducklin: Yes, turn on two-factor authentication (2FA) now. We've been urging you to do use two-factor authentication everywhere you can anyway - it means that a password alone isn't enough for crooks to raid your account.
If you are reluctant to give Facebook your phone number, use app-based authentication, where your mobile phone generates a one-time code each time you log in.

Q. Should I close my Facebook account?
Ducklin: We can't answer that for you. Given that the wrongly-stored passwords weren't easily accessible in one database, or deliberately stored for routine use during logins, we don't think this breach alone is enough reason to terminate your account. On the other hand, it's a pretty poor look for Facebook, and it might be enough, amongst all the other privacy concerns that have dogged Facebook in recent years, to convince you to take that final step. In short, you have to decide for yourself. If it helps you decide, we're not closing our accounts.
(Get detailed and live results of each and every seat in the Lok Sabha elections and state Assembly elections in Andhra Pradesh, Odisha, Arunachal Pradesh and Sikkim to know which candidate/party is leading or trailing and to know who has won and who has lost and by what margin. Our one-of-its-kind Election Analytics Centre lets you don a psephologist’s hat and turn into an election expert. Know interesting facts and trivia about the elections and see our informative graphics. Elections = News18)
| Edited by: Shantanu David
Read full article
Loading...
Next Story
Next Story

Also Watch

facebookTwittergoogleskypewhatsapp
 
 

Live TV

Loading...
Countdown To Elections Results
  • 01 d
  • 12 h
  • 38 m
  • 09 s
To Assembly Elections 2018 Results