Facebook Is Asking Some New Users for Their Email Passwords

It is said that social media giant Facebook is asking some new users to give their email passwords to verify their identity on the platform.

Social media giant Facebook has been embroiled in many controversies only in the last year, starting with the Cambridge Analytica data collection scandal, in a new report now that the company is asking some new users for passwords of their own. E-mail accounts. A means to verify your identity.

If that scares you, it should. According to the Daily Beast, which first reported the problem, some new users are being asked by Facebook to provide their email passwords when they try to register on the social networking platform, in which security consultant Jake Williams says it is a practice that works well past questionable, and in territory "beyond the incomplete" by the company.

Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l

— e-sushi (@originalesushi) March 31, 2019

According to reports, a warning appears when Facebook thinks that a registration attempt is suspicious and, apparently, the option only appears for email addresses that are not compatible with OAuth, a standard adopted by almost all major email providers .

As expected, providing your password to anyone, let alone a company that is probably the least trusted technology company these days, is a terrible idea. In a statement given to Gizmodo, a Facebook spokesman said that "these passwords are not stored by Facebook," adding that the warning only appeared for a "very small" number of users.

The company also clarified that people who present themselves with this option can always opt for authentication by other means, such as their phone number or email address. However, those options are hidden inside the "Do you need help?" That is not exactly the clearest way to inform the user that he has other options to verify his identity on the platform.

What's worse, Business Insider discovered that signing up for an account using this method tells the user that Facebook is also importing their contacts, but it is not clear if the contacts were actually imported.

Anyway, Facebook has confirmed that the company will stop the practice of asking users for their passwords, but the fact that it did anyway and did not stop until it was reported, puts another mark on its "not so clean" . 'record when it comes to the user's privacy and data.

Facebook has been at the center of a lot of controversies, including the launch of a VPN application that captured user data, using 2FA as a way to send emails to users' phones with text messages and Get your phone numbers for specific ads. Last month, it was also discovered that the company had stored millions of passwords in plain text. It goes without saying that this latest addition to Facebook's long list of privacy and security practices will not help the company regain user confidence in the short term.