Fed up with landing on front pages every time someone gets ahold of some passwords, Facebook has decided to be proactive. Last week, Facebook announced it built a system to monitor “paste” sites commonly used to distribute login credentials or advertise credentials for sale.[1]

When it gets ahold of login credentials, Facebook’s system will check them against its users’ credentials by comparing the hashes.[2] If they match, Facebook will alert the user and force a password change.
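The comparison described above, as an added example that is not Facebook's code or part of the original post: each leaked password is re-hashed with the matching user's stored salt and compared to the stored hash, so no plaintext password is kept on the service side. The PBKDF2 scheme, iteration count, function names and sample data are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example

def hash_password(password, salt):
    """Stored verifier; PBKDF2-HMAC-SHA256 is this example's assumption."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password):
    """Keep only (salt, hash) for a user, never the plaintext password."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

def parse_paste(text):
    """Yield (login, password) from 'login:password' lines, skipping junk."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or ":" not in line:
            continue
        login, password = line.split(":", 1)  # passwords may contain ':'
        if login and password:
            yield login.strip().lower(), password

def find_exposed_accounts(paste_text, store):
    """Return logins whose leaked password hashes to the stored value."""
    exposed = []
    for login, leaked in parse_paste(paste_text):
        record = store.get(login)
        if record is None:
            continue  # not one of our users
        salt, stored_hash = record
        candidate = hash_password(leaked, salt)
        # Constant-time compare of the recomputed hash with the stored one.
        if hmac.compare_digest(candidate, stored_hash) and login not in exposed:
            exposed.append(login)  # next step: alert the user, force a reset
    return exposed

# Constructed sample data, not real credentials.
STORE = {"alice@example.com": make_record("correct horse"),
         "bob@example.com": make_record("hunter2:x")}
PASTE = """# constructed sample paste
alice@example.com:correct horse
bob@example.com:wrong-guess
carol@example.com:whatever
Bob@Example.com:hunter2:x
not a credential line
"""
```

Calling `find_exposed_accounts(PASTE, STORE)` flags only the accounts whose leaked password still matches; a leaked entry with an outdated or wrong password produces no alert.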

It’s pretty awesome that Facebook is doing this, and I hope more companies will follow suit.

(h/t Ryan Calo)

  1. If you want to see an example, just go to Pastebin and type in passwords.

  2. “This is a completely automated process that doesn’t require us to know or store your actual Facebook password in an unhashed form. In other words, no one here has your plain text password.” 

