Massive Facebook error

India
September 24, 2012 10:01pm CST
Late yesterday I informed the Facebook people of how a hacker can easily brute force a Facebook password with less effort if a person uses only small or caps without mixed character level statements. If a person uses the password 'password' (without quotes), then they can also use the password 'PASSWORD'; that means Facebook password security is weak. So if someone tries to do a brute force attack on Facebook, then that person can easily guess the password with half the search result needed to find the password using the brute force technique. That means if you set your password as 'IamUSER123faceBOOK', a hacker using the brute force technique can get the password easily and log on easily with 'IAMUSER123FACEBOOK', and that is a big security breach. I think they may have corrected the code; if not, then you can also try it using only CAPS.
2 responses
@owlwings (43915)
• Cambridge, England
25 Sep 12
Your information is not quite correct. The full explanation is here: http://www.zdnet.com/blog/facebook/facebook-passwords-are-not-case-sensitive-update/3612 It includes a statement from Facebook giving the reasons for the apparent security glitch. I don't find these reasons entirely convincing, I have to say. I still see them as a significant reduction in security. The answer would appear to be: Make your Facebook password as long as possible (at least 10 characters) and make sure that it is as random as possible, with NO recognisable words, including both upper and lower case as well as numerals and symbols. One good tip for making a long password consisting of pseudo-random characters is to use the first (or second) letters of each word in a long but memorable sentence. For example (but please don't use this one!): "To be, or not to be; that is the question" is 10 words long. Take the first letter of each word: "tbontbtitq". Now replace some of the letters with uppercase, numerals and symbols: "t60N2B#1Tq" and you have a 10 character password which would be very difficult for a hacker to reproduce and yet relatively easy for you to memorize.
• India
26 Sep 12
I know that my information is not quite long enough to explain all that new password method. But the problem is that not everyone is like your password caring method, and they would choose easy letters instead of puzzled text. How many of them do you think take a password like that? Maybe around 2 out of 10, or maybe greater than that. So explaining such a password creation method over here is just not useful, but it is necessary from the developer's point of view to stabilize the code so that it is perfect from a security standpoint.
@Devilova (5392)
• Indonesia
25 Sep 12
My account got hacked about 2 years ago; it seems that they hacked my Gmail first. 15 digits password length with a combination of letters and numbers. Some said that if a password is less than 22 digits, hackers will easily get it.