
Facebook just kept all password in plaintext (no hashing) - MichaelMoser123
https://www.wired.com/story/facebook-passwords-plaintext-change-yours/
======
MichaelMoser123
I sort of remember they asked me how to authenticate users when they
interviewed me (of course the answer is to store and compare the hashes on the
password).

Besides the security implications: isn't it faster to compare hashes rather
than having to compare strings? (the hash computation can be done in the
browser) It is also easier to store a hash field rather than passwords (hashes
are fixed size whereas password strings are variable size); so why would they
be doing something like this?

------
cosmos05
that is an unbelievable thing.

