Slashdot Mirror
Facebook is Demanding Some Users Share the Password For Their Outside Email Account (thedailybeast.com)
An anonymous reader shares a report: Just two weeks after admitting it stored hundreds of millions of its users' own passwords insecurely, Facebook is demanding some users fork over the password for their outside email account as the price of admission to the social network. Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. "To continue using Facebook, you'll need to confirm your email," the message demands. "Since you signed up with [email address], you can do that automatically ..." A form below the message asked for the users' "email password."
"That's beyond sketchy," security consultant Jake Williams told the Daily Beast. "They should not be taking your password or handling your password in the background. If that's what's required to sign up with Facebook, you're better off not being on Facebook." In a statement emailed to the Daily Beast after this story published, Facebook reiterated its claim it doesn't store the email passwords. But the company also announced it will end the practice altogether. "We understand the password verification option isn't the best way to go about this, so we are going to stop offering it," Facebook wrote. It's not clear how widely the new measure was deployed, but in its statement Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as "a code sent to their phone or a link sent to their email." Those options are presented to users who click on the words "Need help?" in one corner of the page.
"That's beyond sketchy," security consultant Jake Williams told the Daily Beast. "They should not be taking your password or handling your password in the background. If that's what's required to sign up with Facebook, you're better off not being on Facebook." In a statement emailed to the Daily Beast after this story published, Facebook reiterated its claim it doesn't store the email passwords. But the company also announced it will end the practice altogether. "We understand the password verification option isn't the best way to go about this, so we are going to stop offering it," Facebook wrote. It's not clear how widely the new measure was deployed, but in its statement Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as "a code sent to their phone or a link sent to their email." Those options are presented to users who click on the words "Need help?" in one corner of the page.
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How'd you manage that one?
Zuck: People just submitted it.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb fucks
https://www.cnet.com/news/face...
You won't need to give your email to sign up for a new account anymore.
After a Twitter user called out the social media giant over the practice on Sunday, Facebook has backtracked on the verification requirement.
It is because of stupid and ridicules actions such as this is the reason I refuse to have a facebook account. you just cannot trust them.
Probably PCI (Payment Card Industry). They're anal about the software development process and how features get onto web sites that deal with credit cards.
Software Engineer & Writer of Military Science Fiction and Fantasy Blog: petermwright.com Twitter: WrightPeterM
"beyond sketchy" is putting it very mildly.
This is the behaviour of scammers, period.
Nobody should ever need my password to any account on any other site. Ever. Period, end of discussion. Everyone who asks for it is trying to pull a fast one or is so much beyond stupid that it amounts to the same thing.
Sadly, they aren't the first. There's a service over here in Europe where you can pay online at any website with a bank transaction even if you don't have a credit card (for you Americans: There are people older than 3 years that don't have a credit card in Europe, believe it or not). All they need is your bank number and PIN.
How anyone would give a 3rd party service the login details to their bank account is completely beyond me, but apparently people do because the service is still operational.
Far from what we should be teaching users, we teach them all the wrong things, and then complain that they're stupid. They're not. They just get stupid messages from people who should know better.
Assorted stuff I do sometimes: Lemuria.org
...you're better off not being on Facebook.
Note that this clause works well even without any qualifiers.
Do you have ESP?
It's time for Facebook to be eliminated. Burn it to the ground. Every hard drive, every SSD, every backup tape. Drop Zuckerberg into an oubliette. Enough is enough.
Does anyone actually read anymore or is it just knee-jerk reactions to click-bait pull words? Yes, Facebook DEMANDS you validate your e-mail address. Pretty much every site on the planet does. Facebook OFFERS to allow you to be an idiot and give them your password to do it. Exactly zero percent of this headline or the click-baity article is accurate.