home Apps, Mobile Tech, social media Terrible idea: Facebook asks some new users for passwords to emails for verification

Terrible idea: Facebook asks some new users for passwords to emails for verification

Share

Facebook could be practicing the worst ever user-verification methods that could jeorpadize the security of its users.

Generally, social media or any other online service asks users to confirm a secret code or a unique URL sent to the email address they provided for the account registration.

However, Facebook has been found asking some newly-registered users to provide the social network with the passwords to their email accounts, which according to security experts is a terrible idea that could threaten privacy and security of its users.

First noticed by Twitter account e-Sushi using the handle @originalesushi, Facebook has been prompting users to hand over their passwords for third-party email services, so that the company can “automatically” verify their email addresses.

However, the prompt only appears for email accounts from certain email providers which Facebook considers to be suspicious.

“Tested it myself registering 3 times with 3 different emails using 3 different IPs and 2 different browsers. 2 out of 3 times I faced that email password verification thing right after clicking “register account” on their front page sign up form,” e-Sushi said in a tweet.

“By going down that road, you’re practically fishing for passwords you are not supposed to know!”

Might be ironic followign last weeks revelations where Facebook admitted it mistakenly stored passwords for “hundreds of millions” of its users insecurely in plaintext for years in company logs which were accessible to 2,000 Facebook employees.

In a statement provided to the Daily Beast, Facebook confirmed the existence of such “dubious” verification process but also claimed it doesn’t store the user-provided email passwords on its server.

Facebook also said it would end the practice of asking for email passwords altogether.

“We understand the password verification option isn’t the best way to go about this, so we are going to stop offering it,” Facebook said.

Facebook also noted that the users asked for their email passwords as a means of verifying their accounts could opt for other verification methods such as a passcode sent to their phone number or a link to their email address by clicking the “Need help?” button on the page.

Share
TAGS:

James Barnley

I’m the editor of the DomainingAfrica. I write about internet and social media, focusing mainly on Domains. As a subscriber to my newsletter, you’ll get a lot of information on Domain Issues, ICANN, new gtld’s, Mobile technology and social media.

Leave a Reply

Your email address will not be published. Required fields are marked *