Seriously Facebook? Seriously? This is getting re-god-damn-diculous. Facebook once again made a balls of privacy. The passwords of millions of users were stored in plain text and were fully accessible by employees with internal access. You’ve no idea how frustrating this is for someone like me who is always trying to promote the best side of tech. Join me as I explain what happened along with why this is such a mess while also giving you an incredible tool called LastPass that will protect you from companies who clearly just don’t care about your privacy.
Facebook and Privacy Problems
As you may have detected from my intro there, I’m extremely annoyed and angry that Facebook has had yet another bloody password privacy issue. It seems that the light shone on the social media giant following the Cambridge Analytica scandal has also uncovered quite a few other demons too.
In September of last year, it emerged that some crappy coding on Facebook led to hackers being able to steal access tokens and access people’s accounts.
The Latest Privacy Mess Up
It’s not a breach. It’s not a hack. What Facebook did this time was basically not care about the basic rules and best practices when it comes to storing people’s passwords. But what does that mean?
According to Facebook, “hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users” had their passwords stored in plain text on systems accessible by company employees. The reason this wasn’t a breach or a hack is because Facebook maintains none of their employees did anything with the passwords. Sound Facebook.
Regardless of whether or not something happened with this data, it’s a disgrace that Facebook stores passwords of anyone anywhere in plain text.
Password Hashing
Plain text passwords are basically passwords saved in a format that’s nice an easy to read. Thing of it like saving a load of passwords into a Word document. That’s the level of security you get.
Password hashing is where your password is passed through a system which jumbles it up and makes it impossible to reverse; unless you know the key. It’s a rather simple process which renders your hacked password useless should it fall into the wrong hands.
Have You Been Pwned?
Now, I know what you’re thinking. You’re reading this safe in the knowledge that passwords falling into the wrong hands and hacks only happen to other people. Prepare to be shocked.
There’s a website called Have I Been Pwned which lets you see if your email address or password has been caught up in a hack. I’m in there. Both emails and a password I used to use. One password I used years ago was ‘shiloh’. Nice and simple that one. Why did I pick it? Well, it was in an X-Files game so I thought it would make a great password. Turns out I’m not alone. In the below screengrab, I’ve just checked ‘shiloh’.
This service is the very service which made me realised I needed to change how I deal with passwords. It’s hard to remember multiple passwords so I was doing what everyone does; using the same password for everthing.
The problem with using the same password for everthing is that when one site gets hacked and your password gets compromised, hackers will assume you’ve used it elsewhere. For example, if your Adobe password was found by hackers back in 2013 then could have used it to try log into your Facebook account and wrek havoc on your life.
So, how do you avoid this from happening? I’ve decided to employ a password manager.
What Is A Password Manager?
The safest password is a password you don’t know. It might have been Edward Snowden that said that but whoever it was, it makes a lot of sense. If a password is easy enough for you to remember, it’s likely pretty easy for a computer programme to decipher too.
The safest password is a password you don’t know.
Right now, for the vast majority of websites I visit and sign up to, I have no idea what my password is. For example, I have no idea why my Facebook password is. I’ve no idea what my Instagram password is. I actually have no idea what password I used to log into Goosed.ie when I’m writing articles. I do know they are all different passwords with a lot of charachters made up of letters, numbers and symbols.
The reason I don’t know any of my own passwords is because I use LastPass, a password manager.
Life With LastPass
It’s called LastPass because it’s the last password you’ll ever need to know. Once you know your LastPass password, their service will then manage all your other passwords. This allows you to have incredibly complex combinations and most importantly a different password for every single website that you sign up for.
It’s Called LastPass because it’s the last password you’ll ever need to know
When privacy mess ups like this latest craic from Facebook happen, you’ll see security experts advise that you change your password on the effective platform and anywhere else you use that same password. So, today you should be changing your Facebook password and everywhere else you use that same password. Take a moment to think about how horrible that is.
Because I use LastPass, today I updated my Facebook password and that’s me done. Secure until they mess up again.
The only recommendation I have here is that you make your password for LastPass a passphrase and whenever you can turn on two-factor authentication.
What If LastPass Gets Hacked?
I’ve been recommending LastPass to people for a while now and the first question I always get back is “but what if LastPass gets hacked”.
It’s a very fair question to which I have two responses.
First of all, LastPass did have a security incident back in 2015. No data was leaked or anything thanks to how LastPass handles your privacy; keeping things seperate and never knowing your master password. They regularly test their own systems and remain at the very cutting edge of online security protocols. At the end of the day, this is their business.
Secondly, if you’re using the same password across loads of sites and it’s something like ‘Fluffy123!’, you’re only fooling yourself if you think the your privacy is nice and safe. By employing a password manager like LastPass, you will be improving your security immeasurably.
Fruit is the Least of Your Problems
I’m going to use a metaphor to explain what I mean here. I recently saw a question put to a fitness instructor about fruit; specifically natural sugar content. The question was around losing weight by reducing sugar and should that also include reducing the amount of fruit you eat. His response was perfect. If you’re overweight, eating fruit is not the cause.
When it comes to online security, if your goal is protecting your privacy, entrusting a password manager to use different complex passwords for every site you register with is far more beneficial than worrying about your password manager being hacked. Hell, we’ve seen how much all these other online service providers care little about your privacy so the least you should be doing is taking control of the situation.
If you’re still on the fence though, please take time to read through what LastPass themselves has to say about this. They are a fully transparent company built on policies of open honesty.
What About Logging Into Mobile Apps?
This is important. LastPass comes in the shape of multiple platforms. You can install a Chrome Extension which helps you logging into websites through your browser or a mobile app which will then let you log into apps on your mobile phone. Within the LastPass app itself you can also reveal your password should you need to log into something that doesn’t natively support LastPass. A good example here might be if you wish to log into Facebook on a games console or something similar.
The important call out here is I’ve been living with LastPass for a long time and never find myself locked out or unable to log in somewhere. Because I can safely store information like my PPS number in the app too, I’ve found I usually have information to hand that I used to have to dig around for.
Other Password Managers
LastPass is by no means alone in the world of privacy and password managers. I would argue it provides the most for free, but then again can you really put a price on privacy?
It’s just the one I’ve used the most and can personally stand over recommending. If, for some reason, you don’t feel like it’s for you, try out the likes of 1Password or Keeper.
Whether you’re convinced or not about password managers, I implore you to check it out. If you have any questions, as always, fire them into the comments below or over on our social accounts.