>Facebook must encrypt user passwords and regularly scan to detect whether any passwords are stored in plaintext; and
Why are they storing passwords at all? It's not necessary for authentication. They should only be storing a hash, or better yet a public key derived from the password on the client.
It came to light that they were storing passwords in plaintext in an application log. In theory they only store hashes in places where they actually intend to store passwords.
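Added example, not code from the thread or from Facebook: the two points raised above, storing only a salted, slow hash of the password rather than the password itself, and scanning application logs for password values that leaked into them in plaintext, written as a small Python module. Function names (`hash_password`, `verify_password`, `find_plaintext_passwords`, `redact_line`) and the sample log lines are my own constructions; the scrypt parameters are illustrative. The hash is done server side here; the client-side public-key alternative the comment mentions is not shown.

```python
import hashlib
import hmac
import os
import re
from typing import List, Optional, Tuple

# ---- 1. Store a salted hash, never the password ---------------------------
# scrypt is deliberately slow and memory-hard, so a leaked table of these
# strings is expensive to reverse. Parameters below are illustrative.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'scrypt$<salt-hex>$<hash-hex>'. The plaintext is not retained."""
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per user
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return f"scrypt${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, salt_hex, digest_hex = stored.split("$")
        if algo != "scrypt":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:  # malformed record: treat as a failed login
        return False
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return hmac.compare_digest(digest, expected)


# ---- 2. Scan logs for passwords that were written out in plaintext ---------
# Matches key=value, key: value, "key": "value" and query-string forms for
# the usual password field names; group 2 is the candidate value.
SECRET_KEY_RE = re.compile(
    r"""(?i)\b(pass(?:word|wd|phrase)?|pwd)\b\s*["']?\s*[:=]\s*["']?([^"'&\s,}]+)"""
)


def find_plaintext_passwords(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, field_name, value) for every password found in the log."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((lineno, m.group(1), m.group(2)))
    return findings


def redact_line(line: str) -> str:
    """Replace each password value with [REDACTED], keeping the field name."""
    return SECRET_KEY_RE.sub(
        lambda m: m.group(0)[: m.start(2) - m.start(0)] + "[REDACTED]", line
    )


# Constructed sample log lines (not real data) to exercise the scanner.
SAMPLE_LOG = [
    "INFO login ok user=alice",
    "DEBUG POST /login body=user=bob&password=hunter2&remember=1",
    'DEBUG auth payload {"username": "carol", "passwd": "s3cret!"}',
    "INFO request_id=42 path=/password-reset status=200",  # field name only, no value
    "WARN failed login for dave",
]


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored:", record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    for lineno, field, _ in find_plaintext_passwords(SAMPLE_LOG):
        print(f"line {lineno}: plaintext value in field '{field}'")
        print("  redacted:", redact_line(SAMPLE_LOG[lineno - 1]))
```

The scanner is a detection control, not a fix: a hit means the logging call that produced that line should stop emitting the field, and the affected log files should be purged and the exposed credentials rotated. Line 4 of the sample shows the false-positive case the regex avoids, a URL path that merely contains the word "password" with no value attached.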