Technology
Facebook backs away from asking for some users’ email passwords
Facebook can’t seem to escape concerns over its handling of user privacy.
Mark Zuckerberg’s social media giant faced more criticism over the weekend for apparently asking some new users — who’d registered with email addresses from sites like Yandex or GMX — to enter their personal email passwords during the sign-up process. As a result of this latest brouhaha, Facebook decided to end the practice, a company spokesperson confirmed to Mashable.
The policy came under scrutiny on Sunday when the cybersecurity-focused Twitter account e-sushi pointed out how potentially dangerous it could be, especially given another recent scandal in which it turned out the site was storing passwords in plain text.
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you’re practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l
— e-sushi (@originalesushi) March 31, 2019
After the attention drawn to the policy earlier this week, Facebook put a stop to it, The Daily Beast reported. In a written statement to Mashable, a Facebook spokesperson said users were never required to do this anyway.
“People can always choose instead to confirm their account with a code sent to their phone or a link sent to their email,” Facebook said. “That said, we understand the password verification option isn’t the best way to go about this, so we are going to stop offering it.”
According to Facebook, only a small percentage of users would see this particular screen, because it only showed up for those who signed up with email addresses that don’t support OAuth. For the uninitiated, OAuth works with major email services like Gmail to authorize access to sites without requiring the user to enter their email password.
Additionally, Facebook said any password entered this way was not stored by the social network. A user who was asked to enter their email password could alternately verify their accounts using more traditional means, by clicking the “Need help?” button on the password form.
If you take Facebook at its word, maybe this isn’t that big a deal, especially now that the policy is gone. Still, it’s hard to blame anyone for finding it suspicious, given the company’s concerning history with user data.
-
Entertainment6 days ago
Earth’s mini moon could be a chunk of the big moon, scientists say
-
Entertainment7 days ago
The space station is leaking. Why it hasn’t imperiled the mission.
-
Entertainment5 days ago
‘Dune: Prophecy’ review: The Bene Gesserit shine in this sci-fi showstopper
-
Entertainment5 days ago
Black Friday 2024: The greatest early deals in Australia – live now
-
Entertainment4 days ago
How to watch ‘Smile 2’ at home: When is it streaming?
-
Entertainment3 days ago
‘Wicked’ review: Ariana Grande and Cynthia Erivo aspire to movie musical magic
-
Entertainment2 days ago
A24 is selling chocolate now. But what would their films actually taste like?
-
Entertainment3 days ago
New teen video-viewing guidelines: What you should know