So I just logged on to my FB account and the damn thing is telling me I need to change my password because apparently, it doesn’t like the fact that I use the same password for FB as I do another website.
You know, I don’t mind if FB is selling my profile to advertisers, really, I couldn’t care less. But how in the fuck do these guys know what passwords I’m using for other websites? (I’m guessing it’s from websites that require you to use your FB account to make posts, but still, they shouldn’t be sharing my password with each other.)
You say Facebook “doesn’t like” the fact. What message, exactly, does Facebook give you? Does it somehow bar you from using the password, or does it simply offer a tip? And are you sure it’s not just saying that you can’t use a password that was previously used for Facebook?
No idea exactly what happened behind the scenes, but one possibility I can think of. I have heard that account information including encrypted passwords had been stolen from at least one large organization (Adobe? not sure). Even if passwords are encrypted, if you know that the same encryption method was used on two different systems, you can determine whether the clear-text password is the same for both (note I didn’t say you can determine what the password is, just that whatever it is, it is the same on both).
Are you an Adobe customer, or have you ever had an Adobe account? A shitload of Adobe passwords were breached, and FB has been warning FB users who used the same password on both sites.
With the prevalence of social media, just using the same password on Facebook and some other site is inviting trouble. Especially if the other site is associated with the email address used for Facebook.
There are those who make a hobby of trying to crack passwords used in social media then see where else those passwords are good.
It shouldn’t be if the site is using a secure method. It is trivially simple to ensure that the same password is encrypted to a different value on different sites, even when they use the same encryption scheme, by combining the password with a random sequence of bits and storing those bits along with the encrypted password. It is called “salting”.
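Added example (not part of any post in this thread): the two replies above, about identical stored values across sites and about salting, as runnable code. Unsalted SHA-256 stands in for "the same encryption method" and PBKDF2 with a per-record random salt is the salted form; the function names, iteration count and sample password are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for the demo; tune for real deployments

def store_unsalted(password: str) -> bytes:
    # Deterministic: the same password yields the same stored value on every site.
    return hashlib.sha256(password.encode("utf-8")).digest()

def store_salted(password: str) -> tuple[bytes, bytes]:
    # A fresh random salt per record is stored next to the derived value.
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, derived

def verify_salted(password: str, salt: bytes, derived: bytes) -> bool:
    # Re-derive with the stored salt and compare in constant time.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, derived)

def reuse_visible(stored_a: bytes, stored_b: bytes) -> bool:
    # What a holder of both stored values can test without knowing any plaintext.
    return hmac.compare_digest(stored_a, stored_b)

def compare_schemes(password: str) -> dict:
    # The same user registers the same password on two hypothetical sites, A and B.
    plain_a, plain_b = store_unsalted(password), store_unsalted(password)
    (salt_a, salted_a), (salt_b, salted_b) = store_salted(password), store_salted(password)
    return {
        "unsalted_reuse_visible": reuse_visible(plain_a, plain_b),
        "salted_reuse_visible": reuse_visible(salted_a, salted_b),
        "salted_still_verifies": verify_salted(password, salt_a, salted_a)
        and verify_salted(password, salt_b, salted_b),
        "wrong_password_rejected": not verify_salted(password + "x", salt_a, salted_a),
    }

if __name__ == "__main__":
    for name, value in compare_schemes("correct horse battery staple").items():
        print(f"{name}: {value}")
```
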
One more reason to piss on Facebook.
Facebook is like the creepy uncle who is the life of the party, but once you’re alone with uncle Facebook he’s a real shithead!
Just today I drew a total tryptophan turkey induced blank trying to remember all my passwords to pay bills, collect rewards, gear up for cyber shopping, withdraw cash.
There just has to be an easier way to password haven!
It’s because the other site you were using was dumb enough to have their passwords breached. Both Facebook and Google have done this on a couple of occasions when such an event occurs.
If you don’t want that warning to come up again, use a unique password for your FB and Google accounts.
There is - use a password safe to generate and save the passwords and then set a master password so that all you need to do to log in is type that one password. Try LastPass, KeePass or Roboform.
Yeah, this is almost certainly Facebook doing something positive.
As others have pointed out, probably another website (likely Adobe) was breached, and your email/password on that site became public. And since your email/password on Facebook is the same, anybody could log into your Facebook account with that public info.
This is in fact Facebook going a step farther than most websites in protecting your privacy.
All my important sites now have nice long passwords consisting of random letters, numbers, and special characters. My main LastPass password is one that’s very easy for me to remember, but is also long enough and complex enough to make dictionary and brute force attacks almost impossible.
I’ve got one password I use for all my fun media type stuff. I also use a separate E-mail for my fun type stuff. I use various other passwords for work or anything to do with money or my personal ID.
I’m just pissed because FB has effectively fucked up my system. Now, I have to remember two passwords for my fun media type stuff.
I post on The Huffpo from time to time. Huffpo makes me use my FB account to make posts. I’m thinking Huffpo is the guilty culprit.
Well, no. You should change your passwords for all your fun media type stuff (to the same new password if you like). You have PROOF that your password got leaked. Literally anyone can now log into any of your fun media type stuff at any time by just downloading the right torrent.
Maybe they don’t, but someone wants you to think they do. Are you 100% sure the message was from Facebook, and not from some rogue phishing program either on the site or in your computer? After getting the message, you didn’t just click on the “change your password here” link, did you?
You seem to be under the impression that people care when their passwords are breached on “fun media stuff.” The whole reason behind using the same password is that you don’t care.
Granted, I personally don’t put Facebook in that category since it knows my real name and real life friends, but to each their own. I do, however, have 100s of forum accounts with the same username and password (different from this one). If my password got breached, there’s no way I would bother changing them.
I don’t think that the site should be telling me how secure I want to be. If I want to create a throwaway account where I don’t care if someone else finds it, let me. Sure, maybe let me know that something is insecure, but then let me choose whether I’m okay with that insecurity.
Well said. FTR, I don’t have any friends on FB, that’s not what I use it for. I use it as a utility to post on other websites and to look at other FB accounts. I do so begrudgingly. I don’t even like FB. Even before this password nonsense.
++.
I use “good” passwords on accounts that have financial implications, but the same trivial easy-to-remember password for message boards, etc. If someone wants to hack in to septimus@SDMB and make me look like a fool, have at it! (That might not be awfully different from the status quo.)
Most irritating was when I tried to create an account at stackoverflow. It rejected my passwords one-by-one, each time adding a single new requirement. Eventually, when I’d learned my password would need a lower-case letter AND an upper-case letter AND a digit AND a special symbol AND have a minimum length, I gave up, now always posting in “guest” mode.