Facebook has dismissed claims that its password security is inadequate, following a report by software firm Dashlane that criticised the firm’s credentials policy.
The report checked password policy on websites popular in the UK, noting minimum password length, whether password had to include numbers and letters of both cases, and whether users were shown the password strength, among other factors.
Websites were scored between -100 to 100, with those graded below 50 judged to be below Dashlane’s security standard, which resulted in 80% of websites being found wanting, including Facebook.
A spokesman from the social network said: "We would score our password practices quite differently. We were one of the first online service providers to offer two factor authentication, and we use an advanced automated system to detect suspicious login behavior.
"For example, if someone tries to access an account from Europe just a few hours after logging in from the US we will ask for additional information before allowing the login. With hundreds of millions of logins a day, we are confident that our measures are strong and effective."
Two factor authentication asks for two types of credentials, such as a credit card and a PIN code at a cash point, and is generally regarded as more secure than single factor authentication, such as a password.
Dashlane chief executive Emmanuel Schalit said: "Our study found a clear and direct correlation between a website’s password requirements and the average strength of a user’s password. Sites that require more complex passwords have users with greater password strength.
"Companies and websites have no excuse for their poor password policies. Implementing strong password policies is extremely cheap and can easily be done with readily available open-source technology."
