Facebook is forcing me to change my password... -.-"

[smileyhead]

Today, I got kicked out of Facebook on my phone, and it told me I have to log in on a computer. As soon as I got to my computer, this lovely message welcomed me:

It's forcing me to change my password. There's nothing I can do.
What is this bullshit?!

 

[Touko White]

So Facebook scans hacker logs with your password? How nice.

 

[FAST6191]

I imagine it is more that when password lists and usernames/emails get dumped online then facebook gets them and runs the hashes of the passwords against yours, if the usernames/emails match a password then it sends that message up so people do not have their facebook account hijacked. So many people reuse passwords that if you know an email then the would be hacker probably has it worth their time to try it out against all the popular email providers, facebook and similar such "high value" sites.

 

[Touko White]

I always thought the point of a hash is that it cannot be decrypted.

 

[FAST6191]

Depends upon the hash method as some are able to be brute forced. There are rainbow tables I suppose (hash every word and common variation on it in the dictionary, you will make something a few gigabytes in size but that is nothing major and it will allow for fun, more http://project-rainbowcrack.com/table.htm ), and they mean you also have to salt things, preferably with a unique salt for every user (millisecond they joined being a good example).

I did wonder what Facebook did here. I imagine they have their salted tables used for normal logins but then the plainly hashed or otherwise salted passwords for the rest if they wanted to keep things a bit separate. Whether they maintain their own set of rainbow tables I am not sure.

 

[Deleted User]

Shit, I should probably check to see if Facebook is yelling at me about this too. I use Facebook to log into a bunch of other sites.

 

[daxtsu]

Shit, I should probably check to see if Facebook is yelling at me about this too. I use Facebook to log into a bunch of other sites.

tomat0MomtHor_bund69 won't work anymore.

 

[migles]

Shit, I should probably check to see if Facebook is yelling at me about this too. I use Facebook to log into a bunch of other sites.

that's why i have several levels of passwords...
highers level password for email (with this you will gain access to other stuff using the recovery options)
a password for important websites with sensitive info that can cost me money (amazon, ebay, paypal)
another password for semi-important stuff (online profiles like a facebook account)
and a password that i use on general stuff like forums or sites that don't have any sensitive info about me
there is also bullshit logins that i use on websites that give me "you need to register for that" bullshit and are against bugmenot.. but those i use temporary email...

 

[FAST6191]

Shit, I should probably check to see if Facebook is yelling at me about this too. I use Facebook to log into a bunch of other sites.

This issue is not anything to do with using the facebook "social login" scripts, that would be serious news spread all over if that had a problem. If you want the technical side of things about it all works then facebook have a nice developer guide https://developers.facebook.com/docs/facebook-login . This is more that facebook has people watching for password and username dumps and checks the results against their database, if it detects a match to a leaked database then it forces a password change.

It is more likely that the OP registered for some poorly secured forum/website/shop/whatever and reused a password, whether intentionally or unintentionally (even if you do secure passwords are they combinations of the same word fragments and numbers that mean something to you? Most seem to use 3 words and maybe 4 numbers, however as most can not be bothered to learn a password longer than 9 or so characters that is a rather limited number of combinations). Sad poor security led to a leak somewhere and facebook got a dump from that.

 

[Deleted User]

This issue is not anything to do with using the facebook "social login" scripts, that would be serious news spread all over if that had a problem. If you want the technical side of things about it all works then facebook have a nice developer guide https://developers.facebook.com/docs/facebook-login . This is more that facebook has people watching for password and username dumps and checks the results against their database, if it detects a match to a leaked database then it forces a password change.

It is more likely that the OP registered for some poorly secured forum/website/shop/whatever and reused a password, whether intentionally or unintentionally (even if you do secure passwords are they combinations of the same word fragments and numbers that mean something to you? Most seem to use 3 words and maybe 4 numbers, however as most can not be bothered to learn a password longer than 9 or so characters that is a rather limited number of combinations). Sad poor security led to a leak somewhere and facebook got a dump from that.

Oh, I know that the social login scripts weren't the problem. I was just saying that if someone got into my Facebook account, they could get into a ton of other sites I use.

 

[FAST6191]

Yeah single point of failure is something to be avoided.

 

[Touko White]

Try to guess my password to my computer, the hint:

RED BEE 06/01

 

[smileyhead]

"I want to have sex with Cammy"?

(Pls don't hate me for this. )

 

[Touko White]

Nope. I would though...

 

[smileyhead]

Nope. I would though...

Lenny face intensifies.