Slashdot Mirror
Facebook is Demanding Some Users Share the Password For Their Outside Email Account (thedailybeast.com)
An anonymous reader shares a report: Just two weeks after admitting it stored hundreds of millions of its users' own passwords insecurely, Facebook is demanding some users fork over the password for their outside email account as the price of admission to the social network. Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. "To continue using Facebook, you'll need to confirm your email," the message demands. "Since you signed up with [email address], you can do that automatically ..." A form below the message asked for the users' "email password."
"That's beyond sketchy," security consultant Jake Williams told the Daily Beast. "They should not be taking your password or handling your password in the background. If that's what's required to sign up with Facebook, you're better off not being on Facebook." In a statement emailed to the Daily Beast after this story published, Facebook reiterated its claim it doesn't store the email passwords. But the company also announced it will end the practice altogether. "We understand the password verification option isn't the best way to go about this, so we are going to stop offering it," Facebook wrote. It's not clear how widely the new measure was deployed, but in its statement Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as "a code sent to their phone or a link sent to their email." Those options are presented to users who click on the words "Need help?" in one corner of the page.
"That's beyond sketchy," security consultant Jake Williams told the Daily Beast. "They should not be taking your password or handling your password in the background. If that's what's required to sign up with Facebook, you're better off not being on Facebook." In a statement emailed to the Daily Beast after this story published, Facebook reiterated its claim it doesn't store the email passwords. But the company also announced it will end the practice altogether. "We understand the password verification option isn't the best way to go about this, so we are going to stop offering it," Facebook wrote. It's not clear how widely the new measure was deployed, but in its statement Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as "a code sent to their phone or a link sent to their email." Those options are presented to users who click on the words "Need help?" in one corner of the page.
There's this thing that says "Cockup before Consipiracy" but with the sheer number of cockups coming out of Facebook, one does wonder if they've crossed into Conspiracy some years ago.
I say yes, yes they did. This is kinda the final last straw -- why take peoples' email passwords?
The "Civilized World" jumped the shark ca. 1973.