Technology
Facebook backs away from asking for some users’ email passwords
Facebook can’t seem to escape concerns over its handling of user privacy.
Mark Zuckerberg’s social media giant faced more criticism over the weekend for apparently asking some new users — who’d registered with email addresses from sites like Yandex or GMX — to enter their personal email passwords during the sign-up process. As a result of this latest brouhaha, Facebook decided to end the practice, a company spokesperson confirmed to Mashable.
The policy came under scrutiny on Sunday when the cybersecurity-focused Twitter account e-sushi pointed out how potentially dangerous it could be, especially given another recent scandal in which it turned out the site was storing passwords in plain text.
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you’re practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l
— e-sushi (@originalesushi) March 31, 2019
After the attention drawn to the policy earlier this week, Facebook put a stop to it, The Daily Beast reported. In a written statement to Mashable, a Facebook spokesperson said users were never required to do this anyway.
“People can always choose instead to confirm their account with a code sent to their phone or a link sent to their email,” Facebook said. “That said, we understand the password verification option isn’t the best way to go about this, so we are going to stop offering it.”
According to Facebook, only a small percentage of users would see this particular screen, because it only showed up for those who signed up with email addresses that don’t support OAuth. For the uninitiated, OAuth works with major email services like Gmail to authorize access to sites without requiring the user to enter their email password.
Additionally, Facebook said any password entered this way was not stored by the social network. A user who was asked to enter their email password could alternately verify their accounts using more traditional means, by clicking the “Need help?” button on the password form.
If you take Facebook at its word, maybe this isn’t that big a deal, especially now that the policy is gone. Still, it’s hard to blame anyone for finding it suspicious, given the company’s concerning history with user data.
-
Entertainment7 days ago
WordPress.org’s login page demands you pledge loyalty to pineapple pizza
-
Entertainment6 days ago
‘Mufasa: The Lion King’ review: Can Barry Jenkins break the Disney machine?
-
Entertainment6 days ago
OpenAI’s plan to make ChatGPT the ‘everything app’ has never been more clear
-
Entertainment5 days ago
‘The Last Showgirl’ review: Pamela Anderson leads a shattering ensemble as an aging burlesque entertainer
-
Entertainment6 days ago
How to watch NFL Christmas Gameday and Beyoncé halftime
-
Entertainment4 days ago
Polyamorous influencer breakups: What happens when hypervisible relationships end
-
Entertainment4 days ago
‘The Room Next Door’ review: Tilda Swinton and Julianne Moore are magnificent
-
Entertainment3 days ago
CES 2025 preview: What to expect