zlacker

1. red_ad+(OP)[view] [source] 2018-09-28 17:12:53
I find Facebook's effects on privacy and democracy as scary as the next person, but so far their secure coding standards have been extremely high. They're one of the few big names NOT on haveibeenpwned.com, they run their passwords through a KDF and then encrypt the result with a hardware security module, and a whole lot of other good things.

I guess even the best (at secure coding) sometimes mess up.

replies(4): >>51lver+7k >>saagar+uv >>ern+0M >>Smelly+1a1
2. 51lver+7k[view] [source] 2018-09-28 19:25:58
>>red_ad+(OP)
Many users are still going to use the same password for their FB account and email account. All the security in the world won't fix people.
replies(1): >>ilaksh+lo
◧◩
3. ilaksh+lo[view] [source] [discussion] 2018-09-28 19:59:16
>>51lver+7k
Pervasive biometric security may be the next step. I know it's scary and could actually be abused but it also can generally increase the level of security for everyone.
replies(2): >>lurker+hz >>soroko+wk1
4. saagar+uv[view] [source] 2018-09-28 20:55:05
>>red_ad+(OP)
The issue is that Facebook has access to so much information that their security has to essentially be unbreakable if they don’t want a massive leak of sensitive user information.
◧◩◪
5. lurker+hz[view] [source] [discussion] 2018-09-28 21:32:09
>>ilaksh+lo
If your password is leaked, then you can still reset it. If your fingerprint signature leaks, you're out of options.
replies(1): >>why_on+RL
◧◩◪◨
6. why_on+RL[view] [source] [discussion] 2018-09-29 00:19:36
>>lurker+hz
Burn your fingers!
replies(1): >>red_ad+Z81
7. ern+0M[view] [source] 2018-09-29 00:22:13
>>red_ad+(OP)
> They're one of the few big names NOT on haveibeenpwned.com

Have Amazon, Google, Twitter, Microsoft or Apple been on haveibeenpwned? That’s what I think of when I hear “big names”.

replies(1): >>koko77+da1
◧◩◪◨⬒
8. red_ad+Z81[view] [source] [discussion] 2018-09-29 09:14:21
>>why_on+RL
This may be an urban legend, but I've heard there was once a bank robber who dipped his fingertips in acid. After a few months, his fingers healed, and the prints were exactly the same as before.
9. Smelly+1a1[view] [source] 2018-09-29 09:39:27
>>red_ad+(OP)
The fact that passwords have never been leaked is irrelevant when a hacker can just get hold of the access tokens!
◧◩
10. koko77+da1[view] [source] [discussion] 2018-09-29 09:42:27
>>ern+0M
MS yes, via LinkedIn (at least)
replies(1): >>manque+mc1
◧◩◪
11. manque+mc1[view] [source] [discussion] 2018-09-29 10:32:34
>>koko77+da1
Not the same. That breach was way before the acquisition; you can't conclude from that breach that MS development or security practices were lacking.
◧◩◪
12. soroko+wk1[view] [source] [discussion] 2018-09-29 13:18:16
>>ilaksh+lo
Something like left eye iris scan for Google, right eye iris scan for FB, left index fingerprint for AWS?