Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook is Demanding Some Users Share the Password For Their Outside Email Account (thedailybeast.com)

Posted by msmash on from the topsy-turvy-world dept.

An anonymous reader shares a report: Just two weeks after admitting it stored hundreds of millions of its users' own passwords insecurely, Facebook is demanding some users fork over the password for their outside email account as the price of admission to the social network. Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. "To continue using Facebook, you'll need to confirm your email," the message demands. "Since you signed up with [email address], you can do that automatically ..." A form below the message asked for the users' "email password."

"That's beyond sketchy," security consultant Jake Williams told the Daily Beast. "They should not be taking your password or handling your password in the background. If that's what's required to sign up with Facebook, you're better off not being on Facebook." In a statement emailed to the Daily Beast after this story published, Facebook reiterated its claim it doesn't store the email passwords. But the company also announced it will end the practice altogether. "We understand the password verification option isn't the best way to go about this, so we are going to stop offering it," Facebook wrote. It's not clear how widely the new measure was deployed, but in its statement Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as "a code sent to their phone or a link sent to their email." Those options are presented to users who click on the words "Need help?" in one corner of the page.

8 of 194 comments (clear)

  1. This is amazingly retarded by Anonymous Coward · · Score: 5, Insightful

    What kind of dumb fuck thought this was a good idea? Fire every idiot involved in this decision immediately, as they have collectively proven to be pants shitting retarded, even by Silicon Valley diversity hire standards.

    1. Re:This is amazingly retarded by gweihir · · Score: 4, Insightful

      It is _Facebook_. Anybody working there has already exhibited exceptionally bad judgement.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re: This is amazingly retarded by taustin · · Score: 3, Insightful

      I declined and won't ever give them money.

      ITYM "I won't ever give them my money." Every time you use FB, you give them money from the advertisers.

      Remember, you're not the customer, you're the product. Which is why they want to scan through your private email, so they can target their ads more precisely (or at least claim they do).

      You know, the same way Google does with Gmail.

  2. I'm sorry but... by Anonymous Coward · · Score: 2, Insightful

    If you still use Facebook.
    *Point*
    *Laugh*

    If your business uses Facebook.
    *Point*
    *Laugh*
    *Do business elsewhere*

  3. Email Verification by laie_techie · · Score: 4, Insightful

    What happened to just sending a verification code to the email to verify that you have access to it? I would never give a password to a 3rd party. And to iterate, I would never give my password to any employee of my email provider either.

  4. Re:You know how IT looks at users? by flippy · · Score: 3, Insightful

    I couldn't care less if "Facebook never gets your password". It would pass through their servers, and that's simply unacceptable to me. If they ever asked me to do that, I'd shut down my account in a heartbeat. For the record, I am both an IT and security professional. This is Facebook, people, not critical national security infrastructure. There is not, never has been, and never will be a need for them to have that level of information.

  5. I drew the line by Grand+Facade · · Score: 5, Insightful

    When Facebook demanded legal proof of my name.
    They locked me out of my account.
    That was years ago, and I don't regret refusing disclosure.

    --
    Rick B.
  6. Re:To every rule, an exception by TigerPlish · · Score: 3, Insightful

    even Apple reads emails now to determine a Trust Score[0]) would normally be more guarded.

    Even in the /. article about that it was said that what apple does is see how many emails and calls are made from the device to detect sudden changes in usage that could signal a compromised device -- not that they're reading your mail.

    I'm not saying they're not, but what I'm saying is don't say things in a way that gives the wrong impression. This is how rumors and half-truths get started.

    --
    The "Civilized World" jumped the shark ca. 1973.