Facebook passwords are reeeeeally lenient

Post Reply
User avatar
GeneticJen
Queen of the Drone Age
Posts: 840
Joined: Fri Jul 31, 2009 7:09 pm
About me: Kylo Jen. Qui-Gon Jen. Old Jen Kenobi. Jen Erso.
Contact:

Facebook passwords are reeeeeally lenient

Post by GeneticJen » Wed Oct 18, 2017 4:56 pm

I just learned something new. If your password for Facebook is "paSSword" you can add an extra character ("paSSword1") or change the case ("PAssWORD") and it all still works. I guess it's to improve user experience and save money on support for password resets but it still strikes me as worrying. I don't think it makes it much less secure but it just doesn't sit right with me. Especially if you use your FB password as a universal login for other services. Anyone with experience in this sort of thing?

User avatar
NineBerry
Tame Wolf
Posts: 8950
Joined: Thu Feb 26, 2009 1:35 pm
Location: nSk
Contact:

Re: Facebook passwords are reeeeeally lenient

Post by NineBerry » Wed Oct 18, 2017 4:58 pm

This is a lie.

User avatar
GeneticJen
Queen of the Drone Age
Posts: 840
Joined: Fri Jul 31, 2009 7:09 pm
About me: Kylo Jen. Qui-Gon Jen. Old Jen Kenobi. Jen Erso.
Contact:

Re: Facebook passwords are reeeeeally lenient

Post by GeneticJen » Wed Oct 18, 2017 6:19 pm

Elaborate? I've asked others to try and it works. And I've done this fresh (new browser, no cookies, new PC etc). If I type in my password and then add an extra character I can still log in. You can't? I've asked others to replicate and they're reporting the same thing so we're all lying?

User avatar
NineBerry
Tame Wolf
Posts: 8950
Joined: Thu Feb 26, 2009 1:35 pm
Location: nSk
Contact:

Re: Facebook passwords are reeeeeally lenient

Post by NineBerry » Wed Oct 18, 2017 6:56 pm

It's true, but I am happy that Facebook is not actually storing passwords, but uses a different technology.

https://security.stackexchange.com/ques ... 4577_53483

User avatar
GeneticJen
Queen of the Drone Age
Posts: 840
Joined: Fri Jul 31, 2009 7:09 pm
About me: Kylo Jen. Qui-Gon Jen. Old Jen Kenobi. Jen Erso.
Contact:

Re: Facebook passwords are reeeeeally lenient

Post by GeneticJen » Wed Oct 18, 2017 7:06 pm

Someone on Twitter found this
DMcTCP1VwAAWAd6.jpg
DMcTCP1VwAAWAd6.jpg (27.09 KiB) Viewed 1299 times

Post Reply

Who is online

Users browsing this forum: Google [Bot] and 22 guests