Technology
Facebook backs away from asking for some users’ email passwords
Facebook can’t seem to escape concerns over its handling of user privacy.
Mark Zuckerberg’s social media giant faced more criticism over the weekend for apparently asking some new users — who’d registered with email addresses from sites like Yandex or GMX — to enter their personal email passwords during the sign-up process. As a result of this latest brouhaha, Facebook decided to end the practice, a company spokesperson confirmed to Mashable.
The policy came under scrutiny on Sunday when the cybersecurity-focused Twitter account e-sushi pointed out how potentially dangerous it could be, especially given another recent scandal in which it turned out the site was storing passwords in plain text.
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you’re practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l
— e-sushi (@originalesushi) March 31, 2019
After the attention drawn to the policy earlier this week, Facebook put a stop to it, The Daily Beast reported. In a written statement to Mashable, a Facebook spokesperson said users were never required to do this anyway.
“People can always choose instead to confirm their account with a code sent to their phone or a link sent to their email,” Facebook said. “That said, we understand the password verification option isn’t the best way to go about this, so we are going to stop offering it.”
According to Facebook, only a small percentage of users would see this particular screen, because it only showed up for those who signed up with email addresses that don’t support OAuth. For the uninitiated, OAuth works with major email services like Gmail to authorize access to sites without requiring the user to enter their email password.
Additionally, Facebook said any password entered this way was not stored by the social network. A user who was asked to enter their email password could alternately verify their accounts using more traditional means, by clicking the “Need help?” button on the password form.
If you take Facebook at its word, maybe this isn’t that big a deal, especially now that the policy is gone. Still, it’s hard to blame anyone for finding it suspicious, given the company’s concerning history with user data.
-
Entertainment6 days ago
‘Only Murders in the Building’ Season 4 ending explained: Who killed Sazz and why?
-
Entertainment7 days ago
Polling 101: Weighting, probability panels, recall votes, and reaching people by mail
-
Entertainment5 days ago
When will we have 2024 election results online?
-
Entertainment6 days ago
5 Dyson Supersonic dupes worth the hype in 2024
-
Entertainment4 days ago
Halloween 2024: Weekend debates, obscure memes, and a legacy of racism
-
Entertainment5 days ago
Social media drives toxic fandom. Is there a solution?
-
Entertainment4 days ago
Is ‘The Substance’ streaming? How to watch at home
-
Entertainment4 days ago
M4 MacBook Pro vs. M3 MacBook Pro: What are the differences?