Use of Facebook has now become a normal activity of our part of life. However theft of personal data like email addresses and passwords can have larger consequences because people often use the same password on multiple websites. Unfortunately, it’s common for attackers to publicly post the email addresses and passwords they steal on public ‘paste’ sites. Lots of household company names have experienced the unpleasant phenomenon of seeing account data for their sites show up in these public lists, and responding to these situations is time-consuming and challenging.
To do this, no doubt Face Book security teams monitor a selection of different ‘paste’ sites for stolen credentials and watch for reports of large scale data breaches. They collect the stolen credentials that have been publicly posted and check them to see if the stolen email and password combination matches the same email and password being used on Facebook. This is a completely automated process that doesn’t require us to know or store your actual Facebook password in an unhashed form. In other words, no one here has your plain text password. To check for matches the team takes the email address and password and run them through the same code that is used to check password at login time. If they find a match, they notify at the next time how to log in and guide through a process to change your password.
For now, use of pass words is necessary — as well as regularly to be re-used and sometimes leaked when hackers access private information. When you forget yours, the process to log back into an account you’re locked out of is clunky and not as secure as it could be.
Facebook is working to change that — and eventually, to make passwords obsolete. Facebook’s F8 has recently brought the launch of the beta version of Delegated Account Recovery, a way for the social network to be the backup security key in case you forget your password on different, non-Facebook services.
The idea: If you forget your password on an app or website, it will instead use Facebook to verify you are who you say you are. You will have to prove yourself through exercises like recognizing friends’ photos in order to log into your other account.
“We want to make sure we can let you use [identifying] information to keep yourself secure, but not have to trade your privacy,” Facebook security engineer Brad Hill told CNN Tech. “Right now you tell your mother’s maiden name to 500 different places and if any one of them gets hacked, then you’re vulnerable everywhere.”
Think about the last time you forgot your password. The website likely sent a link to your email to reset your password, or texted a code to your mobile phone. You might have answered security questions, like your mother’s maiden name or the moniker of your first pet.
Facebook says its method is more secure. Text messages are unencrypted, and email accounts can be hacked. Further, Facebook’s Delegated Account Recovery works even if someone switches their phone number or email address.
People might be skeptical about trusting Facebook with other accounts. The company knows everything about you, and uses your information to advertise to you. And of course, if your Facebook account is hacked, the bad guys can log into your other accounts that way, too.
But Hill insisted Facebook has safeguards in place to recognize fraudulent activity, and will alert you if anything seems amiss. If, say, Facebook knows you always log in via your iPhone in California, an attempt from Russia on an Android will be flagged.
Facebook also limits how many third-party accounts can be recovered at one time, and the company won’t know the details of those other accounts. For example, say you use Facebook as your backup code for your bank.
Facebook will know you use the bank’s services, but it doesn’t know anything about your bank account.
For now, developers must apply to use the tech. Facebook is open-sourcing this technology so eventually any company can use it — that is, even if you don’t trust Facebook with your identity, you might trust another organization that implements the tool.
Delegated Account Recovery doesn’t replace passwords. But it’s a stepping stone in Facebook’s efforts to improve and eventually replace the security mechanisms we currently use. You probably already use another one: Facebook Login lets you remember one less password when you sign up for third-party apps.
Google (GOOG), too, is working on products to get rid of the password. Both firms support Yubikey, a physical key you plug into your computer that acts like a password.
Hill said Facebook’s account recovery feature will also benefit people just beginning to use the internet, who may have Facebook accounts but not an email or phone number. Instead, he said, people in emerging markets might get accustomed to using social identities as a login authenticator — not the assortment of letters and numbers that we use as passwords.
“Facebook’s one of the best pieces of online identity they have, and it can be a great anchor for them to get connected to more services,” Hill said.
Technically there is no other way to open Facebook account without password. Don’t be disappointed please… Username and password is the only thing that differentiates your Facebook account from my own Facebook account.
But, if you have created a Facebook account and you want to be logging into the account without typing your Facebook username and password then you only need to save your Facebook password and username on your browser using Chrome browser, Mozilla Browser, or Opera Browser.
Mostly for PC, this is very easy to do. Visit Log In or Sign Up on PC and Log In or Sign Up on mobile to login to your Facebook. Preferably, use Google Chrome browser for PC or for mobile.
The moment you enter your Facebook username and password, Google Chrome password smart lock will pop up asking whether to save the username and password. Click save now so you will be able to login to Facebook next time without password.
For mobile Chrome, you also need to save your password before you can open your Facebook account without logging with password and username.
To achieve this, log in to Facebook with your username and password. A new window will pop up then click on save.
Meanwhile, before then click on the 3 dots on your Chrome screen and click settings. Navigate to privacy and enable save passwords.
After that, you will have all your passwords including Facebook password saved on Chrome and you will be able to log into Facebook without typing username and password again.
Here are 6 things you can do to help keep your account safe:
1. Protect your password:
n Don’t use your Facebook password anywhere else online.
n Never share your password. You should be the only one who knows it.
n Avoid including your name or common words. Your password should be difficult to guess.
2. Use our extra security features.
3. Make sure your email account(s) are secure.
4. Log out of Facebook when you use a computer you share with other people. If you forget, you can log out remotely.
5. Run anti-virus software on your computer:
6. Think before you click or download anything.