Even if it means having to buy passwords off the black market. Facebook is one of the very, very few companies that count their users in the billions. Making sure that all of these users stay safe and their information stays away from harm is a ridiculously difficult job — particularly when you can't force the user to follow any of the myriad of guidelines that you know they should be adhering to.
Nevertheless, the folks handling security at the social networking platform try their best. We got a look at just how hard the job could be last week, when Alex Stamos, Chief Security Officer (CSO) at Facebook, spoke at the Web Summit and touched upon some of the pain points that his job offered.
The family car was not designed to be driven into a wall at 100 kilometers an hour. We call that user error.
The user error in Facebook’s case is pretty high. People using devices that are not secure and that run ancient, relatively less safe versions of Android are one example of user error. And then there is also the fact that, being a for-profit company, Facebook can't exactly force its users to deploy methods and technologies that it knows will make them safe.
Stamos gave the example of two-factor authentication. Users that have two-factor authentication enabled will definitely be safer. However, that does not change the fact that very few users actually have it enabled. This leaves the company with pretty few options — including keeping a watchful eye on the black market and often buying passwords for Facebook accounts as they come up for sale. The company is then able to warn users whose accounts are compromised.
So basically, Facebook will do everything in its power to keep you safe — and continue doing so, despite the best efforts of users to the contrary.
It is still our responsibility to protect the people who choose not to use [advanced safety features the company has built].