
Facebook's Old Password page
A couple of hours ago, my roommate was trying to get into my friend’s Facebook account when he surprisingly guessed the “pseudo”-right password and it took him to a screen I had never seen before.
The screen basically said something like, “You are using an old password, did you know this?” (screenshot attached). My roommate clicked yes and guessed a password similar to the one he had just tried, and eventually, after another try or so, he got in.
My issue with this feature is how a potential hacker would respond in this scenario. Now, I don’t know the password-changing habits of the general population, but among a couple of my friends (whose passwords I happen to know) I do know that their old and new passwords are related in some way. So this really comes down to the hacker being clever enough or the hacker being someone the victim knows. Keep in mind that while it is great to tell the average user to use mixed case and numbers and letters, the fact is that many users will use a password that is “easy” to remember and relevant to them.
However, while I do understand what Facebook is trying to do with this feature, I think that it’s put in the wrong place at the wrong time. Instead, this should be an automated email that is sent to the user’s email address saying either “Someone has tried to log in to your account multiple times” or “Someone has tried to log in to your account using an old password”, depending on what the situation is.
All in all, while this is not a severe risk to all Facebook users who have good password habits, there is still a possibility that someone may gain entry to your account through this knowledge of an old password.
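A sketch of the alternative proposed above, as an added example that is not Facebook's code or part of the original post: the login response is the same for an old password and for any other wrong guess, and the notice goes to the account owner's email instead. The `Account` class, the `outbox` list standing in for a mail queue, the `MAX_FAILS` threshold and the sample passwords are all assumptions.

```python
import hashlib, hmac, os

MAX_FAILS = 3  # assumed threshold for the "multiple times" notice

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _record(password):
    salt = os.urandom(16)              # fresh salt for every stored password
    return salt, _hash(password, salt)

class Account:
    def __init__(self, email, password):
        self.email = email
        self.current = _record(password)
        self.old = []                  # (salt, hash) of retired passwords
        self.fails = 0

    def change_password(self, new_password):
        self.old.append(self.current)
        self.current = _record(new_password)

def _matches(attempt, record):
    salt, digest = record
    return hmac.compare_digest(_hash(attempt, salt), digest)

def login(account, attempt, outbox):
    """Client sees only True/False; the reason for a failure goes to the owner."""
    if _matches(attempt, account.current):
        account.fails = 0
        return True
    account.fails += 1
    # Build the full list so every retired password is checked, with no early exit.
    used_old = any([_matches(attempt, r) for r in account.old])
    if used_old:
        outbox.append((account.email,
                       "Someone has tried to log in to your account using an old password"))
    elif account.fails == MAX_FAILS:
        outbox.append((account.email,
                       "Someone has tried to log in to your account multiple times"))
    return False  # same response for an old password and any other wrong guess

if __name__ == "__main__":
    acct = Account("owner@example.com", "Fluffy2009")   # constructed sample data
    acct.change_password("Fluffy2011")
    outbox = []
    print(login(acct, "Fluffy2009", outbox), outbox)
```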
Pradeep 4:57 pm on February 22, 2011
Yahoo too has this.
Lola 9:09 pm on October 19, 2011
How do I get another password, 'cause FB is saying I used an old password but I didn't change it?