Facebook shrugs off claims of password insecurity

Security

by Jimmy Nicholls| 18 June 2014

Social network disputes verdict from software firm Dashlane.

Facebook has dismissed claims that its password security is inadequate, following a report by software firm Dashlane that criticised the firm's credentials policy.

The report checked password policy on websites popular in the UK, noting minimum password length, whether password had to include numbers and letters of both cases, and whether users were shown the password strength, among other factors.

Websites were scored between -100 to 100, with those graded below 50 judged to be below Dashlane's security standard, which resulted in 80% of websites being found wanting, including Facebook.

A spokesman from the social network said: "We would score our password practices quite differently. We were one of the first online service providers to offer two factor authentication, and we use an advanced automated system to detect suspicious login behavior.

"For example, if someone tries to access an account from Europe just a few hours after logging in from the US we will ask for additional information before allowing the login. With hundreds of millions of logins a day, we are confident that our measures are strong and effective."

Two factor authentication asks for two types of credentials, such as a credit card and a PIN code at a cash point, and is generally regarded as more secure than single factor authentication, such as a password.

Dashlane chief executive Emmanuel Schalit said: "Our study found a clear and direct correlation between a website's password requirements and the average strength of a user's password. Sites that require more complex passwords have users with greater password strength.

"Companies and websites have no excuse for their poor password policies. Implementing strong password policies is extremely cheap and can easily be done with readily available open-source technology."

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.
Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.