Facebook's other problem: Allowing extremely weak passwords
May 27, 2010 4:07 PM

While Facebook is rolling out the new privacy controls it announced yesterday, it ought to fix the gaping security flaw in its password system that I reported here two weeks ago, which lets users adopt extremely weak passwords like "circus" and "better."

Besides the above two words, which can be easily cracked by password-cracking software, Facebook still lets people use 8 more common words that I reported here two weeks ago. Note: Facebook itself rates all of these as "weak" but inexplicably still lets you use them:

  • orphan 
  • higher 
  • medley 
  • valued 
  • secure 
  • social 
  • hijack 
  • victim

So what’s the risk in using such words? Once someone cracks them, the next thing you know, all your Facebook friends are getting messages from you saying you’ve been robbed in London and need money wired immediately.

Still, two weeks after I revealed this significant flaw in Facebook’s password system, they haven’t fixed it.

Why? Is the hole too small to be worth patching?

No, and the hole is bigger than I initially thought. It turns out Facebook allows more extremely weak passwords that could too easily get your account hijacked. Here are 10 of them:

  • easily
  • hardly 
  • fairly 
  • height 
  • weight 
  • beside 
  • inside 
  • afford 
  • inform 
  • lawyer 

That makes 20 in all.

How many more do we need to know before Facebook fixes this security problem?

Let me know what you think. Meanwhile, follow these tips to secure your Facebook account.

—Jeff Fox
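
The gap described in this article, a strength meter that rates a password "weak" while the form still accepts it, as an added example (not Facebook's code and not the author's): `accept_rating_only` models the described behaviour and `accept_enforcing` the corrected one. The length limits, function names and normalisation rules are assumptions; the denylist holds only the 20 words listed above.

```python
import re

# The 20 words named in the article. A real deployment would load a full
# dictionary and breached-password list here instead (assumption).
DENYLIST = frozenset("""
circus better orphan higher medley valued secure social hijack victim
easily hardly fairly height weight beside inside afford inform lawyer
""".split())

# Hypothetical policy values, not taken from the article.
LEGACY_MIN_LENGTH = 6
MIN_LENGTH = 8

# Undo common character swaps before the dictionary lookup.
SWAPS = str.maketrans("013457@$!", "oieastasi")


def base_word(password):
    """Reduce a password to the dictionary word it is built on."""
    core = re.sub(r"[\d\W_]+$", "", password)  # drop trailing digits and symbols
    return core.lower().translate(SWAPS)


def weaknesses(password):
    """Return the reasons a strength meter would rate this password weak."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    if base_word(password) in DENYLIST:
        reasons.append("based on a common word")
    return reasons


def accept_rating_only(password):
    """Behaviour described above: the rating is shown but never enforced."""
    weaknesses(password)  # result is displayed to the user, then ignored
    return len(password) >= LEGACY_MIN_LENGTH


def accept_enforcing(password):
    """Hardened form: any weakness blocks the password change."""
    reasons = weaknesses(password)
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["circus", "Hijack2010", "S0cial!!", "plum-Tractor-91-quiet"]:
        print(pw, accept_rating_only(pw), accept_enforcing(pw))
```

Normalising before the lookup matters because a listed word with a capital letter, a swapped character or a trailing year is still the same dictionary guess to cracking software.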
