Also, can someone please tell me that Facebook doesn't really do this?
It exchanges a few bits of entropy for a much smoother user experience, and it doesn't actually aid an attacker much (they could just try the permutations themselves).