Technology
Facebook backs away from asking for some users’ email passwords
Facebook can’t seem to escape concerns over its handling of user privacy.
Mark Zuckerberg’s social media giant faced more criticism over the weekend for apparently asking some new users — who’d registered with email addresses from sites like Yandex or GMX — to enter their personal email passwords during the sign-up process. As a result of this latest brouhaha, Facebook decided to end the practice, a company spokesperson confirmed to Mashable.
The policy came under scrutiny on Sunday when the cybersecurity-focused Twitter account e-sushi pointed out how potentially dangerous it could be, especially given another recent scandal in which it turned out the site was storing passwords in plain text.
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you’re practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l
— e-sushi (@originalesushi) March 31, 2019
After the attention drawn to the policy earlier this week, Facebook put a stop to it, The Daily Beast reported. In a written statement to Mashable, a Facebook spokesperson said users were never required to do this anyway.
“People can always choose instead to confirm their account with a code sent to their phone or a link sent to their email,” Facebook said. “That said, we understand the password verification option isn’t the best way to go about this, so we are going to stop offering it.”
According to Facebook, only a small percentage of users would see this particular screen, because it only showed up for those who signed up with email addresses that don’t support OAuth. For the uninitiated, OAuth works with major email services like Gmail to authorize access to sites without requiring the user to enter their email password.
Additionally, Facebook said any password entered this way was not stored by the social network. A user who was asked to enter their email password could alternately verify their accounts using more traditional means, by clicking the “Need help?” button on the password form.
If you take Facebook at its word, maybe this isn’t that big a deal, especially now that the policy is gone. Still, it’s hard to blame anyone for finding it suspicious, given the company’s concerning history with user data.
-
Business6 days ago
Bluesky launches Ozone, a tool that lets users create and run their own independent moderation services
-
Entertainment6 days ago
‘The Gutter’ review: The right kind of stupid
-
Entertainment6 days ago
What’s going on with Boeing planes? Safety concerns prompt flyers to change their flights.
-
Entertainment5 days ago
SpaceX’s Starship just had fantastic firsts for spaceflight
-
Entertainment7 days ago
‘Manipulated’ photo of Kate Middleton pulled by media agencies. Why?
-
Entertainment3 days ago
‘The American Society of Magical Negroes’ review: A satirical near-miss
-
Business5 days ago
Paramount Global to sell stake in India’s Viacom18 to Reliance for over $500M
-
Entertainment5 days ago
‘Grand Theft Hamlet’ review: ‘Grand Theft Auto’ meets Shakespeare in this video game documentary