Facebook is Asking New Users for their Email Passwords
According to a report by Dailybeast, Facebook users are being interrupted by a confirmation page where the company is demanding the email they used when signed up which makes sense. But in the second field, they are also asking for email password. “To continue using Facebook, you’ll need to confirm your email. Because you signed up with [email protected] (say), you can do that automatically through email.com,” the company wrote on that page. Jake Williams, a security consultant at ‘That’s beyond sketchy’ studied the case and said, “They should not be taking your password or handling your password in the background. If that’s what’s required to sign up on Facebook, you’re better off not being on Facebook.” After the matter published by the source, Facebook once again claimed that they don’t store email passwords. “We understand the password verification option isn’t the best way to go about this, so we are going to stop offering it,” Facebook wrote.
The additional login step was also noticed over the weekend by a cybersecurity watcher e-sushi. “By going down that road, you’re practically looking for passwords you are not supposed to know!” e-sushi wrote in his tweet.
Email Passwords are Not Mandatory
Though there’s no information on how widely the new system has been deployed, theFacebook also said in its statement that users still have to option to bypass the password demand. They can activate their account following the traditional method of receiving a code and verifying the same. This option is available under ‘Need help?’ option at a corner of the page. If you observe the text carefully written below the password field, you’d see “Facebook won’t store your password.” But the social media giant has already faced much criticism for using users’ information it originally acquired for security reasons. The company was caught allowing third-party advertisers to target its users using phone numbers the last year. Not only that, Facebook recently made those phone numbers searchable to locate the matching user. Facebook has already explained many times how they protect users’ passwords but still these regular security slips hampering the company’s online reputation very much. Facebook, the largest social media network on the Internet is expected to securely handle passwords but considering the history, they have never done that. Last month, Facebook even acknowledged that it left millions of users’ password remained stored as plaintext for years accessible to thousands of employees.