Facebook Has Been Asking for Email Passwords to Verify New Accounts

 


You would think that after all its recent privacy missteps, Facebook would exercise a little more caution when it implements new features. Alas, this is Facebook, so it’s still blundering from one crisis to the next. Its latest ill-conceived scheme involves asking users to hand over their email passwords. This is basically indistinguishable from a phishing attack.

The email chicanery happens when new users sign up for Facebook in a way that looks “suspicious” to the site. The Daily Beast investigated this scenario by signing up from a VPN routed through Romania, finding that Facebook does indeed ask users to input their email password to verify their account.

It’s been drilled into every internet user for years that you don’t ever give your passwords to a third party in this manner — not even to a site that you trust. Let’s ignore for a moment that Facebook has done little to earn anyone’s trust. Even making people think this is a normal practice sets them up to get hit by phishing attacks. Your email account is also a particularly sensitive portal into your online life, with banking details, personal communication, and the ability to reset passwords on other online accounts.

According to Facebook, this “feature” is there to help users with suspicious sign-ins verify their accounts. It only appears for accounts connected to email accounts that don’t support OAuth, an open standard that allows access without sharing passwords. Gmail recently imposed limits on third-party account access, though, so it’s unclear if Facebook could get what it needs from Google’s platform with a simple OAuth ping.

 

Facebook also says there are other options to verify these accounts. However, those options are hidden behind the “Need help?” link, which is a counterintuitive place to have additional verification methods. For whatever reason, Facebook is pushing the shadiest possible method of confirming these accounts. One clue comes in the next dialog after providing the password. The site pops up a notification that it’s “importing contacts” from the email account without asking permission. It’s unclear if this contact data actually shows up in Facebook, but it could be fed into Facebook’s ad servers for all we know.

Facebook says the email logins are harmless. But do you really trust Facebook to handle your passwords with care and discretion? This is the company that recently admitted it stored passwords in plain text for years before someone realized that might be a bad idea. To its credit, Facebook has confirmed it will stop asking for email passwords in this manner.
