
Facebook strikes again – now asks new subscribers for passwords to their email accounts

Facebook asked users to validate their account by handing over their personal email password | Credits: e-sushi (@originalesushi)

Facebook just can’t get a break. After a long string of accusations directed at the social platform for security and privacy concerns, Facebook has now been caught using an appalling security practice – demanding new subscribers hand over the password to their email.

Just weeks after it was revealed that Facebook had stored user passwords in plain text accessible to employees, the company everyone loves to hate is now making headlines for demanding the keys to users’ electronic inbox.

First reported by a developer identified on Twitter as e-sushi and independently verified by The Daily Beast, the dubious prompt appears when someone attempts to create a new account using a non-traditional email address.

“Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view,” e-sushi wrote. “By going down that road, you’re practically fishing for passwords you are not supposed to know!”

Facebook does note in fine print that the company won’t store your password, but judging by its past misuse of customer information, it’s hard to believe much of what Zuck’s company says these days.

In an emailed statement, a company spokesperson said, “We understand the password verification option isn’t the best way to go about this, so we are going to stop offering it.”

As a rule of thumb, never share the password associated with your personal email account with anyone. That password is meant to be used only by you and only with that email account. And, as always, it’s best to avoid reusing the same password across different services.

About the author

Filip TRUTA

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware, and security, and has worked in various B2B and B2C marketing roles. He likes fishing (not phishing), basketball, and playing around in FL Studio.
