Facebook confirms Thursday last week that hundred and millions of user passwords were being stored in a “readable form” that allows thousands of its employees to access and understand it. While Facebook has already notified the users affected by the password leak, the California-based tech company has assured that none of its employees violated any privacy protocols in handling the exposed database.
Facebook’s Pedro Canahuati, vice president of engineering for security and privacy, initially referred to “some” user passwords that were accessible to Facebook employees. A paragraph later, he revealed that “hundreds of millions of Facebook Lite users, millions of Facebook users, and tens of thousands of Instagram users” would be notified.
Facebook said that the issue is an internal one. “To be clear, these passwords were never visible to anyone outside of Facebook, and we have found no evidence to date that anyone internally abused or improperly accessed them,” Canahuati wrote.
There is nothing more important to us than protecting people’s information, and we will continue making improvements as part of our ongoing security efforts at Facebook,” he added.
Those who were affected by the said data leak are advised to change their passwords. And if you are one of those with an exposed password, you should do it now.
HOW TO CHANGE FACEBOOK PASSWORD
To change your password on Facebook if you’re already logged in:
- Click account settings in the top right corner of any Facebook page and select Settings.
- Click Security and Login.
- Click Edit next to Change Password.
- Enter your current password and new password.
- Click Save Changes.
If you’re logged in but have forgotten your password, follow the steps under Change Your Password then click “Forgot your password?” and follow the steps to reset it. Keep in mind that you’ll need access to the email associated with your account.
To reset your password if you’re not logged in to Facebook:
- Go to the Find Your Account Page.
- Type the email, mobile phone number, full name or username associated with your account, then click Search.
- Follow the on-screen instructions.
If you’re still having trouble resetting or changing your password, it’s better to contact Facebook support for help.
Furthermore, the leak also affected Instagram users. If you have been messaged by Facebook to notify you that your Instagram account was one of those with exposed passwords, you should also change your password as soon as possible.
HOW TO CHANGE YOUR INSTAGRAM PASSWORD
If you’re able to log into your account and know your current password, you can change it from your Settings:
- Go to your profile and tap the button in the top right.
- Tap Settings > Privacy and Security > Password.
- Enter your current password and then enter your new password.
- Tap Save or the check button in the top right.
Instagram also urges people to use strong passwords by using a combination of at least six numbers, letters and punctuation marks (like! and %).
While the concept of a “strong password” is clear to some, there are still people who create passwords that are relatively weak. The password strength indicator that some services have is not even accurate. If you’re one of those who is struggling to create a strong password, here’s a few tips.
HOW TO CREATE STRONG PASSWORDS
According to Chris Hofman, the following are the best practices to make sure that your passwords are strong:
Has 12 Characters, Minimum: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.
Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.
Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.
If you have been notified by Facebook that your account password was included in the data breach, change it as soon as possible. Also, even if you’re not part of that breach, it’s also advisable to change your passwords as well (for an added layer of protection). All you have to remember is to make sure that your new password is stronger than your previous one. /apr