On the one hand, we just came to know that Yahoo did not inform its users of the recently disclosed major 2014 hacking incident that exposed half a billion user accounts even after being aware of the hack in 2014.
On the other hand, Facebook takes every single measure to protect its users’ security even after the company managed to avoid any kind of security scandal, data breach or hacks that have recently affected top notch companies.
Stamos said there is a difference between ‘security’ and ‘safety,’ as he believes that his team can “build perfectly secure software and yet people can still get hurt.”
Stamos was former Chief Information Security Officer at Yahoo who left the company in 2015 after discovering that its Chief Executive Marissa Mayer authorized the government surveillance program.
Stamos joined Facebook in summer 2015 and now leads the security team at the social network. He said that the biggest headache he deals there with is caused by passwords users keep securing their accounts.
“The reuse of passwords is the No. 1 cause of harm on the internet,” said the security chief.
According to him, the username and password system that was initially introduced in the 1970’s will not help us now in 2016.
As CNET reports, when passwords are stolen in masses and traded on the black market, it becomes apparent just how many of users are choosing the weakest passwords, such as 12345 and password, to secure their online accounts, automatically making their account more vulnerable to being hacked.
And this issue is something the social network giant is keen to help its users avoid.
Stamos said that the social network then alerts tens of millions of users that their passwords needed changing as they were not strong enough to protect their accounts.
Facebook provides you a whole bunch of tools to tighten up the security of your account, including traditional two-factor authentication, identifying faces of friends, as well as machine learning algorithms to determine and inform whether activity on your account is fraudulent.
Users are always advised to enable Two-factor authentication, which is an effective measure to keep a tight hold on your account even after hackers have your credentials.
Another new measure tackles the issue of account recovery. So, even if hackers find their way into your email account that could allow them to seize your Facebook account easily by resetting your password, the social network allows you to let your close friends verify account recovery request on your behalf.