Facebook kept millions of passwords unencrypted for years

Here's how to change your password — again

Published March 22, 2019 9:30PM (EDT)


This article originally appeared on GearBrain.

Facebook took another hit to its reputation with the discovery that hundreds of millions of its passwords had been stored in plain text — for years. What does this mean for Facebook users? Passwords are supposed to be kept on a company's site, but encrypted so no one can read them. That's not what happened with Facebook, according to Brian Krebs, who broke the news on his site, Krebs on Security.

Instead, Facebook left these passwords in plain text, visible to thousands of employees. Apparently some of these passwords had been left unencrypted since 2012. Employees reportedly entered unencrypted passwords into Facebook's servers, and left them stored in plain text.

For Facebook users, the first crucial thing to do is to change their password. We have instructions below. It's advice that likely sounds like a broken record — because people are told to do this on an almost monthly basis. Nevertheless, it's imperative. A plain text password is one that can be found, read and used to take over an account. If that password is also the same as one used on other sites, it's even more crucial to change the password quickly.

Anyone who has an online account — which is anyone with a smartphone or computer in their lives — is told to create a password that's difficult to guess, and isn't the same as another one they use. (Even Facebook suggests this directly on its site.)

While many turn to password managers to help them bring up the dozens of passwords they likely have, others just write them down or use the same one multiple times. But the hope is companies are keeping up their end of the bargain — and making sure these passwords are not easy to find, and are encrypted so they can't be read.

Consumers know that companies suffer data breaches in which passwords are compromised, and that it happens to the biggest of brands, from Yahoo to Equifax. In this case, it's not clear whether these Facebook passwords were actually compromised, or if the company just got lucky even though employees basically left passwords easy to read if found.

Trust in Facebook is already deeply down, and has been for the past year since the Cambridge Analytica scandal broke in 2018. Then, the public discovered that a British analytics company gained access to data of more than 87 million Facebook users. How Facebook itself uses its own data is certainly a concern too. Just this week, Facebook agreed to stop allowing employers, landlords and lenders to target posting based on age, location and gender — a routine the social media site had allowed for years.

For those who feel they still want to remain on the social media site, a password change is probably the minimum move to make. Here are the steps.

Step 1


At the bottom of the app, click on the three horizontal lines.

Step 2


Click on "Settings & Privacy," which will open a drop-down menu, and click on "Settings."

Step 3


Scroll midway down the screen to the "Security" section. Here, click on "Security and Login."

Step 4


Midway down the screen, click on the icon of the key next to "Change Password."

Step 5


Here, you'll need to enter your current password and then type in a new password twice. Then click "Save Changes."

By Lauren Barack
