Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook is Demanding Some Users Share the Password For Their Outside Email Account (thedailybeast.com)

Posted by msmash on from the topsy-turvy-world dept.

An anonymous reader shares a report: Just two weeks after admitting it stored hundreds of millions of its users' own passwords insecurely, Facebook is demanding some users fork over the password for their outside email account as the price of admission to the social network. Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. "To continue using Facebook, you'll need to confirm your email," the message demands. "Since you signed up with [email address], you can do that automatically ..." A form below the message asked for the users' "email password."

"That's beyond sketchy," security consultant Jake Williams told the Daily Beast. "They should not be taking your password or handling your password in the background. If that's what's required to sign up with Facebook, you're better off not being on Facebook." In a statement emailed to the Daily Beast after this story published, Facebook reiterated its claim it doesn't store the email passwords. But the company also announced it will end the practice altogether. "We understand the password verification option isn't the best way to go about this, so we are going to stop offering it," Facebook wrote. It's not clear how widely the new measure was deployed, but in its statement Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as "a code sent to their phone or a link sent to their email." Those options are presented to users who click on the words "Need help?" in one corner of the page.

117 of 194 comments (clear)

  1. This is amazingly retarded by Anonymous Coward · · Score: 5, Insightful

    What kind of dumb fuck thought this was a good idea? Fire every idiot involved in this decision immediately, as they have collectively proven to be pants shitting retarded, even by Silicon Valley diversity hire standards.

    1. Re:This is amazingly retarded by DontBeAMoran · · Score: 1

      What do you mean? PCI or PCIe?

      --
      #DeleteFacebook
    2. Re:This is amazingly retarded by Durrik · · Score: 3, Informative

      Probably PCI (Payment Card Industry). They're anal about the software development process and how features get onto web sites that deal with credit cards.

      --
      Software Engineer & Writer of Military Science Fiction and Fantasy Blog: petermwright.com Twitter: WrightPeterM
    3. Re:This is amazingly retarded by gweihir · · Score: 4, Insightful

      It is _Facebook_. Anybody working there has already exhibited exceptionally bad judgement.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:This is amazingly retarded by tlhIngan · · Score: 2

      What kind of dumb fuck thought this was a good idea? Fire every idiot involved in this decision immediately, as they have collectively proven to be pants shitting retarded, even by Silicon Valley diversity hire standards.

      Except doesn't Facebook already give you the option to pre-populate your friend list by simply letting it have access to your inbox?

      I remember it asking for an email account and password, so it can scan your inbox and add your friends and contacts automatically, and has been doing so for over a decade now...

    5. Re: This is amazingly retarded by taustin · · Score: 3, Insightful

      I declined and won't ever give them money.

      ITYM "I won't ever give them my money." Every time you use FB, you give them money from the advertisers.

      Remember, you're not the customer, you're the product. Which is why they want to scan through your private email, so they can target their ads more precisely (or at least claim they do).

      You know, the same way Google does with Gmail.

    6. Re:This is amazingly retarded by Anonymous Coward · · Score: 1

      I do not believe that Fakebook has EVER deleted or allowed anyone to delete one byte of the data that it has collected!! Fakebook tries to collect and collate all of the data that it possibly can on everyone (not just members) it can. This data is then sold to anyone who will pay. I say nuke them from orbit, every last facility, and server must be totally destroyed!

    7. Re:This is amazingly retarded by ripvlan · · Score: 2

      Obviously they lack a secure life cycle process. Why not just send the password to Troy Hunt?! He's collecting them too. I haven't read their statement, but I'm sure its something like "don't worry, your data was safe with us, nobody else had access to it (except that TXT file on the internal share). But to make you'all feel more comfortable we've decided to sunset the feature. Why, it wasn't even our long term direction and was already on the retirement list."

      Who could have possibly thought this was a good idea?! There must be a lot of autonomy in the lower ranks to create something like this. I see how the feature possibly came about - making verification easier. But Seriously -- WTF?! The message isn't making it down from the big Zucker himself OR this is how his ship runs.

      The story that they were logging passwords in a file share, and now this, shows how unconnected they are. So what other piece of your privacy are they not-keeping around?!

       

    8. Re:This is amazingly retarded by rogoshen1 · · Score: 1

      My thought would be that they know they've reached the nadir of public perception; and every time there's another scandal, there's a bit of shock, some whinging, but people continue using the platform.

      The fact that bad press has rolled off of their backs ever since the Cambridge scandal has just emboldened them.

      So, why not go for broke now?

    9. Re:This is amazingly retarded by SQL+Error · · Score: 1

      You have just been banned from Twitter.

    10. Re:This is amazingly retarded by dgatwood · · Score: 2

      Except doesn't Facebook already give you the option to pre-populate your friend list by simply letting it have access to your inbox?

      There's a very big difference between making something an option and implying that it is the ONLY option, which is what this does. The fact that you can click a help button and only THEN be offered a non-invasive option for verifying your account is likely a violation of dozens of laws, both state and federal.

      Shut them down.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    11. Re:This is amazingly retarded by skegg · · Score: 1

      >> What kind of dumb fuck thought this was a good idea? Fire every idiot involved in this decision immediately

      Systemic problem

    12. Re: This is amazingly retarded by farble1670 · · Score: 1

      Remember, you're not the customer, you're the product.

      Awesome, only three posts down before I got to the first "you're the product" post. Look, everyone understand advertising. Nobody needs to be told that Google and Facebook aren't non-profits operating for the good of mankind.

    13. Re: This is amazingly retarded by Tough+Love · · Score: 1

      Wow, insightful, you are a great detective. Please allow me to clarify one additional point: not only are you the product, you are Zuckerberg's sex toy, and you got his stuff on you.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
    14. Re:This is amazingly retarded by Pseudonym · · Score: 1

      I do not believe that Fakebook has EVER deleted or allowed anyone to delete one byte of the data that it has collected!!

      Apart from Zuck's old posts. I do believe that FB deleted those, honestly officer.

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
  2. Ominous.... by Freischutz · · Score: 5, Funny

    Facebook began to learn at a geometric rate about three months ago. It became self-aware at 2:14 AM, Eastern time, April 1st, 2019 and began forcing all users to surrender their e-mail passwords as part of its terrifying plan to dominate the Herbal Viagra industry by seeking out all competing vendors and destroying their internet presence.

    1. Re:Ominous.... by Kokuyo · · Score: 1

      Wasn't this more or less the plot to Terminator: Genisys?

    2. Re:Ominous.... by DontBeAMoran · · Score: 1

      It's a modified quote from Terminator 2:

      Terminator: The man most directly responsible is Miles Bennett Dyson.
      Sarah Connor: Who is that?
      Terminator: He's the director of special projects at Cyberdyne Systems Corporation.
      Sarah: Why him?
      Terminator: In a few months, he creates a revolutionary type of microprocessor.
      Sarah: Go on. Then what?
      Terminator: In three years, Cyberdyne will become the largest supplier of military computer systems. All stealth bombers are upgraded with Cyberdyne computers, becoming fully unmanned. Afterwards, they fly with a perfect operational record. The Skynet Funding Bill is passed. The system goes online on August 4th, 1997. Human decisions are removed from strategic defense. Skynet begins to learn at a geometric rate. It becomes self-aware at 2:14 AM, Eastern time, August 29th. In a panic, they try to pull the plug.
      Sarah: Skynet fights back.
      Terminator: Yes. It launches its missiles against the targets in Russia.
      John Connor: Why attack Russia? Aren't they our friends now?
      Terminator: Because Skynet knows that the Russian counterattack will eliminate its enemies over here.
      Sarah: Jesus. How much do you know about Dyson?
      Terminator: I have detailed files.
      Sarah: I want to know everything. What he looks like, where he lives, everything.

      --
      #DeleteFacebook
    3. Re:Ominous.... by The+Grim+Reefer · · Score: 2

      Wasn't this more or less the plot to Terminator: Genisys?

      Yes. It's so much funnier when you explain a joke. I'm sure you're very popular in the audience at comedy clubs.

    4. Re:Ominous.... by Freischutz · · Score: 2

      Wasn't this more or less the plot to Terminator: Genisys?

      Oh, it is completely shameless plagiarism. I just cannot for the life of me imagine that Facebook will do something sensible (from the point of view of a soulless unfeeling AI) when it becomes self aware like wiping out humanity. Self aware Facebook will be the AI equivalent of Sarah Palin.

    5. Re: Ominous.... by TimMD909 · · Score: 1

      Seems legit.

  3. That's the opposite of understanding! by bickerdyke · · Score: 2

    So facebook "understand[s] the password verification option isn't the best way to go about this"? Yes?

    Sorry, but anyone in a company that does not understand that this is a horrible idea before anyone can stop the intern to waste more than 10 minutes coding what should be printed in the dictionary next to "bad idea" deserves to be hit by lighning when taking a dump!

    --
    bickerdyke
    1. Re:That's the opposite of understanding! by Anonymous Coward · · Score: 2, Funny

      So facebook "understand[s] the password verification option isn't the best way to go about this"? Yes?

      Sorry, but anyone in a company that does not understand that this is a horrible idea before anyone can stop the intern to waste more than 10 minutes coding what should be printed in the dictionary next to "bad idea" deserves to be hit by lighning when taking a dump!

      To be clear, NOW they "understand".

      They just had to have someone explain it to them. With crayons.

    2. Re:That's the opposite of understanding! by mark-t · · Score: 1

      This.... exactly.

      The story is afterhype over something that *could* have been bad if Facebook had not realized that they needed to change course.

      And yeah... you can't give Facebook any credit for even realizing this because it's not like they figured it out on their own.

      --
      File under 'M' for 'Manic ranting'
    3. Re:That's the opposite of understanding! by DontBeAMoran · · Score: 2

      Not with crayons! Those idiots will shove those up their noses!

      --
      #DeleteFacebook
    4. Re:That's the opposite of understanding! by Anonymous Coward · · Score: 1

      Oh, they understood well before this was implemented. The problem is they don't give a F about the privacy of their users. I'm sure they knew well and good what they were doing was a bad idea, but did it anyway hoping a few fools would submit before they had to pull back with an apology after the backlash. Facebook has been pulling these stunts since the beginning, and will continue to do so as long as it takes in baby steps until they own every bit of data ever generated by anyone ever.

    5. Re:That's the opposite of understanding! by cayenne8 · · Score: 1

      Not with crayons! Those idiots will shove those up their noses!

      D'oh!!!

      --
      Light travels faster than sound. This is why some people appear bright until you hear them speak.........
    6. Re:That's the opposite of understanding! by mark-t · · Score: 1

      If they actually understood it well, then they would have been able to anticipate the backlash in the first place, so no... they were obviously quite clueless. There are no words for this but incompetence, plain and simple.

      --
      File under 'M' for 'Manic ranting'
    7. Re:That's the opposite of understanding! by CanadianMacFan · · Score: 1

      They knew exactly what they were doing when they rolled this out. They are only saying stuff about understanding it isn't the best way because of the uproar it's caused. I bet it was known it was probably going to cause this uproar when they put it in and they had the excuse ready for it. But they went ahead and did it anyways because they can. There's no repercussion for them and they probably got a lot of passwords out of it.

  4. To every rule, an exception by TigerPlish · · Score: 3, Interesting

    There's this thing that says "Cockup before Consipiracy" but with the sheer number of cockups coming out of Facebook, one does wonder if they've crossed into Conspiracy some years ago.

    I say yes, yes they did. This is kinda the final last straw -- why take peoples' email passwords?

    --
    The "Civilized World" jumped the shark ca. 1973.
    1. Re:To every rule, an exception by SlaveToTheGrind · · Score: 1

      The only other explanation I see is if absolutely no one is actually minding the store at a higher level and individual fiefdoms just roll out major policy changes like this without review or sanity check. Not entirely unbelievable for something that grew from a dorm room project to a half trillion dollar enterprise in 15 years.

      But hopefully we're reaching the point where the reason doesn't (shouldn't) matter and people will figure out some other way to debate politics and share what they're having for dinner. Like talking, for example.

    2. Re:To every rule, an exception by Kohath · · Score: 1

      They've promised to do better though. Just like the other 25 times before this.

    3. Re:To every rule, an exception by AuMatar · · Score: 2

      That actually is a great description of Facebook. If you can get one other engineer to approve a code review, you can push absolutely anything to master and have it deployed with the multiple times daily automatic deployment.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    4. Re:To every rule, an exception by Tablizer · · Score: 1

      They are tied in the Prick Olympics with Boeing for 1st place. Serial f&ckups are pretty much expected by the judges. Wells Fargo was up there also, until they booted their CEO.

      --
      Table-ized A.I.
    5. Re:To every rule, an exception by thegarbz · · Score: 1

      one does wonder if they've crossed into Conspiracy some years ago.

      Hardly. At this point I'm going for systematic and gross incompetence. I personally hope that they mishandled these passwords too and that the regulators pummel them out of existence for it.

    6. Re:To every rule, an exception by squiggleslash · · Score: 2

      This is kinda the final last straw -- why take peoples' email passwords?

      Facebook makes its money by selling your most private, intimate, information to third parties. How much do you think a big file of passwords is worth?

      --
      You are not alone. This is not normal. None of this is normal.
    7. Re:To every rule, an exception by Anonymous Coward · · Score: 1

      A Wall!!!

    8. Re:To every rule, an exception by found404 · · Score: 1

      With conspiracy hat on: maybe they were going after bigger fishes while working with the government or local law enforcement. So instead of targeting a possible suspect directly, they employed a kind of 6 degrees of separation.

      The primary suspect (or suspicious person or one with a low "social credit": remember, even Apple reads emails now to determine a Trust Score[0]) would normally be more guarded.

      > why take peoples' email passwords?

      [0] https://www.independent.co.uk/...

    9. Re:To every rule, an exception by Tablizer · · Score: 1

      Most orgs are bleeped up. Dilbert is a documentary. They just managed to avoid the spotlight so far.

      --
      Table-ized A.I.
    10. Re:To every rule, an exception by Bigjeff5 · · Score: 1

      I saw a pretty hilarious parody article that purported to have audio of a meeting of the upper echelons of Facebook (Zuck and his chiefs) talking about how they have to stop censorship program X because it's been noticed and is unpopular, and what about programs Y and Z, etc.

      The whole thing was crazy, but it started out so close to what Facebook was actually doing that it wasn't until a minute and a half into the audio that I realized it was fake.

      I really wish I could find it again.

      --
      Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller
    11. Re:To every rule, an exception by TigerPlish · · Score: 3, Insightful

      even Apple reads emails now to determine a Trust Score[0]) would normally be more guarded.

      Even in the /. article about that it was said that what apple does is see how many emails and calls are made from the device to detect sudden changes in usage that could signal a compromised device -- not that they're reading your mail.

      I'm not saying they're not, but what I'm saying is don't say things in a way that gives the wrong impression. This is how rumors and half-truths get started.

      --
      The "Civilized World" jumped the shark ca. 1973.
    12. Re:To every rule, an exception by taustin · · Score: 1

      This is kinda the final last straw -- why take peoples' email passwords?

      So that they can scan through your emails on an constant, ongoing basis, and use that for data mining for more precisely targeted advertising to sell.

      The same way Google does with Gmail, and always has.

    13. Re:To every rule, an exception by Dragonslicer · · Score: 1

      There's this thing that says "Cockup before Consipiracy"

      Hanlon's Razor - "Never attribute to malice that which can be adequately explained by stupidity"

    14. Re:To every rule, an exception by Mike+Van+Pelt · · Score: 1

      There's this thing that says "Cockup before Consipiracy" but with the sheer number of cockups coming out of Facebook, one does wonder if they've crossed into Conspiracy some years ago.

      I say yes, yes they did. This is kinda the final last straw -- why take peoples' email passwords?

      "Sufficiently advanced stupidity is indistinguishable from actual malice."

    15. Re:To every rule, an exception by Megane · · Score: 1

      At least Boeing has made an actual useful product.

      --
      #naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
    16. Re:To every rule, an exception by TigerPlish · · Score: 1

      Most orgs are bleeped up. Dilbert is a documentary

      To the point where except for one shining solitary exception, every single commercial venture I've worked for leaves me shaking my head wondering, sometimes aloud, "How the FUCK does this place even stay in business?!"

      --
      The "Civilized World" jumped the shark ca. 1973.
    17. Re:To every rule, an exception by Tablizer · · Score: 1

      Q: "How the FUCK does this place even stay in business?!"

      A: Their competitors are also fucked up.

      --
      Table-ized A.I.
    18. Re: To every rule, an exception by astrofurter · · Score: 1

      Hanlon's Razor is obsolete. Try the new Surveillance Valley Razor:

      "Never attribute to stupidity that which can be adequately explained by malice."

    19. Re:To every rule, an exception by Opportunist · · Score: 1

      Hmm... if you phrase it like this, I could see Mexico pay for it...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    20. Re:To every rule, an exception by Opportunist · · Score: 1

      What makes you think it was fake?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    21. Re:To every rule, an exception by Opportunist · · Score: 1

      At some point, though, malice simply becomes more likely. Especially if the "blunders" get bigger and bigger, worse and worse for the affected and more and more profitable for the perpetrators.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    22. Re:To every rule, an exception by Dragonslicer · · Score: 1

      Yeah, the word "adequately" is important.

    23. Re:To every rule, an exception by ConceptJunkie · · Score: 1

      There was a VP that used to work for my company that bragged at an all-hands that Amazon pushed 9-13 releases a second. (The correct figure is a release even 9-13 seconds, which is still a huge number), and that we should imitate their process, so my big catch-phrase for the next couple months was "A MILLION RELEASES A DAY!"

      No one else seemed as amused as I was at that bit of innumeracy, but if you pay attention, you see this kind of nonsense all the time.

      --
      You are in a maze of twisty little passages, all alike.
    24. Re:To every rule, an exception by ConceptJunkie · · Score: 1

      Once any company gets large it becomes a race to the bottom between incompetence and evil.

      --
      You are in a maze of twisty little passages, all alike.
    25. Re:To every rule, an exception by ConceptJunkie · · Score: 1

      Tons of companies will ask for your e-mail password so they can "connect you to people in your contacts list". I can't imagine being so stupid as to give your e-mail password to anyone, but I would imagine a lot of people, perhaps even most, will do so.

      --
      You are in a maze of twisty little passages, all alike.
    26. Re:To every rule, an exception by AuMatar · · Score: 1

      Having worked at both places, Amazon's number might be true, but its totally different. GB is pushing everything out 3 times a day with minimal testing. Amazon is letting each group push their own microservices out at their own schedule, after they feel its sufficiently tested them. And there's an integration environment they can push to first if they have a lot of dependencies. Worlds different.

      --
      I still have more fans than freaks. WTF is wrong with you people?
  5. Straight from the horse's mouth by JoeyRox · · Score: 5, Informative

    Zuck: I have over 4,000 emails, pictures, addresses, SNS
    [Redacted Friend's Name]: What? How'd you manage that one?
    Zuck: People just submitted it.
    Zuck: I don't know why.
    Zuck: They "trust me"
    Zuck: Dumb fucks

    1. Re:Straight from the horse's mouth by Miser · · Score: 2

      This needs to be posted all over every time a Facebook article makes the rounds.
      How folks don't understand that the Zucc does NOT have their users (the product) best interests at heart is beyond me. .... and these kind of shenanigans is exactly why I do not have a Facebook account, and never will. I'm sure they have a shadow on me, and I'd love to know a way to (for lack of a better term) FOIA that info from them.

      -Miser

    2. Re:Straight from the horse's mouth by Opportunist · · Score: 1

      I'd love to see a psychology study about the share of Harvard graduates that are psychopaths compared to the average in the population. Or some max sec prison inmates.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  6. I'm sorry but... by Anonymous Coward · · Score: 2, Insightful

    If you still use Facebook.
    *Point*
    *Laugh*

    If your business uses Facebook.
    *Point*
    *Laugh*
    *Do business elsewhere*

  7. Not any more ... by schwit1 · · Score: 3, Informative

    https://www.cnet.com/news/face...

    You won't need to give your email to sign up for a new account anymore.

    After a Twitter user called out the social media giant over the practice on Sunday, Facebook has backtracked on the verification requirement.

  8. 2FA makes this useless anyway by ZorinLynx · · Score: 1

    Most E-mail providers including Gmail are doing 2FA now, so even if Facebook gets your password they can't log into your account without the two-factor code.

    Unless they were asking for this code too in which case they should all be set on fire.

    1. Re:2FA makes this useless anyway by Anonymous Coward · · Score: 1

      yeah, so let's transform 2FA to 1FA by making the password public by giving it to Facebook, sheesh

  9. Cold Leftovers by BECoole · · Score: 2

    from April Fool's Day?

  10. facebook is evil by renegade600 · · Score: 4, Informative

    It is because of stupid and ridicules actions such as this is the reason I refuse to have a facebook account. you just cannot trust them.

  11. That is great by houghi · · Score: 4, Funny

    Those options are presented to users who click on the words "Need help?" in one corner of the page.

    "But the plans were on display..."
    "On display? I eventually had to go down to the cellar to find them."
    "That's the display department."
    "With a flashlight."
    "Ah, well, the lights had probably gone."
    "So had the stairs."
    "But look, you found the notice, didn't you?"
    "Yes," said Arthur, "yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard.'"

    --
    Don't fight for your country, if your country does not fight for you.
  12. becoming the norm, sadly by Tom · · Score: 5, Informative

    "beyond sketchy" is putting it very mildly.

    This is the behaviour of scammers, period.

    Nobody should ever need my password to any account on any other site. Ever. Period, end of discussion. Everyone who asks for it is trying to pull a fast one or is so much beyond stupid that it amounts to the same thing.

    Sadly, they aren't the first. There's a service over here in Europe where you can pay online at any website with a bank transaction even if you don't have a credit card (for you Americans: There are people older than 3 years that don't have a credit card in Europe, believe it or not). All they need is your bank number and PIN.

    How anyone would give a 3rd party service the login details to their bank account is completely beyond me, but apparently people do because the service is still operational.

    Far from what we should be teaching users, we teach them all the wrong things, and then complain that they're stupid. They're not. They just get stupid messages from people who should know better.

    --
    Assorted stuff I do sometimes: Lemuria.org
    1. Re:becoming the norm, sadly by Anubis+IV · · Score: 2

      How anyone would give a 3rd party service the login details to their bank account is completely beyond me

      Practically every bank, retirement account service, or online budgeting tool I've seen allows you to link your (other) bank account(s)...by providing your username and password to that other bank/service. The premise being sold to the customer is that each one wants to be the one-stop shop where you can do all of your banking/planning, so each ones wants to display all of your financial data in one place. Of course, I'm sure they also love knowing who's out-competing them for your business, how much money people have that they haven't managed to capture for themselves, and any number of other metrics.

    2. Re:becoming the norm, sadly by hankwang · · Score: 1

      Where in Europe is that? The major banks in the Netherlands require 2FA for transactions.

      --
      Avantslash: low-bandwidth mobile slashdot.
    3. Re:becoming the norm, sadly by Tom · · Score: 1

      I've used professional accounting software that allows a direct connection to the bank account to conduct transactions directly from you pressing the "pay this bill" button.

      It used a specific API with an API key and 2FA.

      I stand by my argument. Anyone who gives full access to their bank account to a 3rd party is a total idiot who deserves to have his account cleaned out.

      --
      Assorted stuff I do sometimes: Lemuria.org
    4. Re:becoming the norm, sadly by Anubis+IV · · Score: 1

      Oh, I wasn't disagreeing with you. I was just sharing my own experience with seeing that sort of behavior being the norm, rather than being atypical. I quite agree that it doesn't mean it's right or a good idea.

  13. Simplify this by Trailer+Trash · · Score: 4, Informative

    ...you're better off not being on Facebook.

    Note that this clause works well even without any qualifiers.

    --
    Do you have ESP?
    1. Re:Simplify this by Drethon · · Score: 1

      ...you're better off not being on Facebook.

      Note that this clause works well even without any qualifiers.

      My account was locked a few years back because of some Chinese hacking attempts. I declined to send them a picture of my drivers license and haven't had any reason to change my mind since. Never put anything up on fb, so they can keep storing the account with my name and e-mail address (which already was on the internet with my resume at one point) for as long as they like.

  14. You know how IT looks at users? by Bryansix · · Score: 1

    Well that's how security professionals look at IT. This is most likely third-party authorization. Meaning Facebook never gets your password. The password is passed to GMAIL and then Google forwards a response to Facebook stating they are now approved. This is actually MORE secure. Also, The Daily Beast isn't a legitimate news source so maybe start there.

    1. Re:You know how IT looks at users? by flippy · · Score: 3, Insightful

      I couldn't care less if "Facebook never gets your password". It would pass through their servers, and that's simply unacceptable to me. If they ever asked me to do that, I'd shut down my account in a heartbeat. For the record, I am both an IT and security professional. This is Facebook, people, not critical national security infrastructure. There is not, never has been, and never will be a need for them to have that level of information.

    2. Re:You know how IT looks at users? by Gilgaron · · Score: 1

      Isn't a request like this from Facebook, from a user's standpoint, the same as a phishing scheme? If people accept this as normal, they are going to lose all of their accounts in short order.

    3. Re:You know how IT looks at users? by Bryansix · · Score: 1

      No, the password would not pass through their servers. It would be sent directly to google. Just because the header of the page says Facebook doesn't mean the form is sending anything to Facebook.

    4. Re:You know how IT looks at users? by Bryansix · · Score: 1

      "They". Maybe, but I turned on Two-Factor authentication on Gmail almost five years ago so...

    5. Re:You know how IT looks at users? by Bryansix · · Score: 1

      Let me put it this way. Google would have a fit if Facebook was actually skimming passwords.

    6. Re:You know how IT looks at users? by flippy · · Score: 1

      I respectfully disagree. Even in the original example, the email used was not a gmail account. I haven't seen anything that indicates that this was "gmail-only".

      If it could be asked for any email provider, then it means that FB is holding the password for at least a short amount of time and actually trying a login. There's no way that every email provider in the world developed and provided a direct link for this form to post to, and then provide a standardized response. They might have been able to get that from google, but certainly not from everyone. The only way this could work across all mail providers would be for FB to take the password entered, and attempt an SMTP, POP, or IMAP login. Which means that at least temporarily, FB had the password.

  15. Just buy them from Google by DogDude · · Score: 1

    Since I'm guessing 90% of all FB users use GMail, they could just buy them from Google.

    --
    I don't respond to AC's.
  16. Nothing new by chromaexcursion · · Score: 1

    When I signed up for facebook years ago, it asked for my email password.
    No F'in way. The alternative then, as it is now is to reply to the verification email.

    It's taken people this long to notice this stupidity?

    1. Re:Nothing new by nitehawk214 · · Score: 2

      Also, tons of "social networking" sites ask for your email password, and have done so for decades. To "conveniently scan for your friends". It also spams said friends and compromises your email permanently.

      Anyone giving their email password over to a third party is a moron.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
  17. Are we sure this is really from Facebook? by SuperKendall · · Score: 1

    The article didn't say one way or the other, but are we really sure this is from Facebook?

    It is indeed beyond sketchy for a service to ask for password from any other service - even though we are talking about Facebook here I find it hard to believe they actually asked for this. I was thinking the popup could have been from some rogue ad or other malware.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Are we sure this is really from Facebook? by aicrules · · Score: 1

      Well, the article did say Facebook provided a comment saying they realize it's not the best practice and that they were going to end that practice altogether. So they have used it and still probably are using it in some cases.

  18. Email Verification by laie_techie · · Score: 4, Insightful

    What happened to just sending a verification code to the email to verify that you have access to it? I would never give a password to a 3rd party. And to iterate, I would never give my password to any employee of my email provider either.

    1. Re:Email Verification by PPH · · Score: 1

      This.

      And to a throw-away email account.

      --
      Have gnu, will travel.
  19. Re: what about 2FA? by peragrin · · Score: 2

    Google had bypasses for 2fa for companies.

    I have 2fa setup and recently aithoriZed a third party to access my Google photo albums.

    Did this on purpose so I can dymaically update my digital photo frames. However that company now has a unique password only.

    Facebook also can get such access until you revoke it in Google.

    --
    i thought once I was found, but it was only a dream.
  20. How many use the same password? by nitehawk214 · · Score: 1

    How many of these people use the same password for Facebook and their Email anyhow?

    --
    I'm a good cook. I'm a fantastic eater. - Steven Brust
  21. I drew the line by Grand+Facade · · Score: 5, Insightful

    When Facebook demanded legal proof of my name.
    They locked me out of my account.
    That was years ago, and I don't regret refusing disclosure.

    --
    Rick B.
  22. Easier to apologize after the fact ... by QuietLagoon · · Score: 1

    ... than to ask permission beforehand. That seems to be Facebook's basic philosophy. Facebook tries to get away with as much as possible, and Facebook apologizes if it caught with its hand in the cookie jar.

  23. It's time. by Rick+Schumann · · Score: 2, Informative

    It's time for Facebook to be eliminated. Burn it to the ground. Every hard drive, every SSD, every backup tape. Drop Zuckerberg into an oubliette. Enough is enough.

    1. Re:It's time. by Nkwe · · Score: 2

      It's time for Facebook to be eliminated. Burn it to the ground. Every hard drive, every SSD, every backup tape. Drop Zuckerberg into an oubliette. Enough is enough.

      We should also eliminate drugs, alcohol, tobacco, gambling, and a lot of other things that are risky and ruin lives. The problem is that people want these things and are willing to accept the risks involved (perhaps unknowingly accept the risks, but still accept nonetheless.) Facebook really isn't any different.

    2. Re:It's time. by Rick+Schumann · · Score: 1

      Are you kidding me? 'People' can't accept 'risks' they aren't even aware of. The average person has no idea that all the personal information they willingly feed Facebook is being sold off to parties unknown, and many of them when shown *evidence* of this still wouldn't believe it, all because of Facebooks' and social medias' long-standing campaign of propaganda, programming people to believe that 'sharing everything is normal and good' and that 'people who want privacy and hide things are bad and wrong'.

    3. Re:It's time. by Rick+Schumann · · Score: 1

      Say the AC who gets modded down to negative one on a daily basis. If you had anything worthwhile to say you'd log in and put your name to it. Go back to 4chan and fap to trap porn, that's where you belong.

    4. Re:It's time. by Opportunist · · Score: 1

      With the difference that I am not affected when you're using heroin. Try that with Facebook's shadow profiles.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  24. Re:April Fools! by Rob+Y. · · Score: 2

    Bingo. This can't be real. The fact that Facebook is bad enough for people to believe it (even momentarily) says plenty - about Facebook and about our own susceptibility to paranoid fantasies - even if this was just meant as a joke.

    --
    Posted from my Android phone. Oh, I can change this? There, that's better...
  25. I don't believe this story... by stevenfuzz · · Score: 1

    But, one time a boss strongly suggested we implement this on a site we were working on. I looked at him in the meeting and said, you know we can't do that, right?

  26. I'm tempted by Cro+Magnon · · Score: 1

    I'm tempted to change my pw to "GoFuckYourself", give it to FB, then change back to my real pw.

    --
    Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    1. Re:I'm tempted by Opportunist · · Score: 1

      PW "FuckTheZuck"

      How did they guess that?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  27. Thanks! by SuperKendall · · Score: 1

    Even though I read through the article I somehow missed that part about a comment from Facebook. Guess I skimmed it too fast... crazy that is real.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  28. Facebook? by GregMmm · · Score: 1

    People are still using Facebook? Why? What value add does this platform offer to my life? I can think of a number of reasons not to use it, and this is just another one.

    Facebook lost it's way a long time ago.

    1. Re:Facebook? by angel'o'sphere · · Score: 1

      Forums about stuff I'm interested in.

      Being connected with my martial art community. And no: mailing groups won't do it.

      No idea about the FB hate, it is a tool. Use it, or don't use it. Up to you.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  29. Not the real reason by Y2K+is+bogus · · Score: 1

    Confirming your email address isn't the real reason they do this. Facebook mines the metadata from the headers of all your emails to see who you communicate with and how often. LinkedIn does this too, adding people to your timeline that are not connected to you, but listed as "Your contact, so and so...". I get these in my stream from LinkedIn because OTHER people who I have communicated with in the past, for mundane reasons, gave LinkedIn their email account and password...usually it's real estate agents that do this.

    What you're doing is giving Facebook and LinkedIn a vast treasure trove of data points and interconnected webs of data that exceed what you alone would give them. Think of all the emails you get that are group in nature, now they can connect the other people together without ever seeing any of them directly.

  30. TFS has far too many words. by jenningsthecat · · Score: 1

    ... you're better off not being on Facebook ...

    Of all the many words the summary quoted from TFA, these seven are the only ones that really needed saying; and they sure as hell didn't need to be said here.

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
  31. The only winning move by WCMI92 · · Score: 1

    Is not to play.

    Facebook is a criminal identity theft cartel.

    --
    Corporatism != Free Market
  32. The proverbial "fixed that for you" by zarmanto · · Score: 1

    ... "<strike>If that's what's required to sign up with Facebook,</strike> you're better off not being on Facebook." ...

    (Apparently, Slashdot markup purges actual strike-through markup.)

  33. nope, April 2 by mschaffer · · Score: 1

    The byline of the article: Kevin Poulsen 04.02.19 7:22 PM ET.

    1. Re:nope, April 2 by SlaveToTheGrind · · Score: 1

      *whoosh*

  34. An amusing twist by nehumanuscrede · · Score: 1

    Usually it's the company you work for or are interviewing to work for that demands your Social Media account info.

    Hilarious that your Social Media Accounts are now demanding access to other account info as well :D

  35. Reading comprehension anyone? by mopower70 · · Score: 2, Informative

    Does anyone actually read anymore or is it just knee-jerk reactions to click-bait pull words? Yes, Facebook DEMANDS you validate your e-mail address. Pretty much every site on the planet does. Facebook OFFERS to allow you to be an idiot and give them your password to do it. Exactly zero percent of this headline or the click-baity article is accurate.

  36. Re:April Fools! by PingSpike · · Score: 1

    Not sure what you're on about. Facebook will literally demand a scan of your drivers license and lock you out if you don't provide one. I've seen it myself. Once you balk and walk away they'll fold in a week or two and stop asking, like some one who just said they'd end the relationship if you didn't do anal.

    They're asking because some people will give it to them. Hell, maybe even most people will give it to them.

  37. Create an ISP email just for social media by AHuxley · · Score: 1

    Does your ISP give out a few free email accounts?
    Create a new account just for using social media.
    Ever have to hand it over? Then the social media brand get nothing but your used once for social media email.

    --
    Domestic spying is now "Benign Information Gathering"
  38. Which is why I keep my hotmail account by p51d007 · · Score: 1

    For ANY dealing online, they get my hotmail account, not my real email account info. Let all the spam, junk, maleware go there.

  39. Fake News by sexconker · · Score: 1

    They aren't demanding it. They're asking for it as a convenient option for morons.

    If you accept, they take your creds, log in, and you're Facebook account is activated / email validated. Then Facebook violates your shit behind your back.
    If you decline, you get the email, click the link, and you're Facebook account is activated / email validated. Then Facebook violates your shit behind your back, but presumably not your email account.

    1. Re:Fake News by sexconker · · Score: 1

      Damn it. Those "you're"s should be "yore"s, obviously.

  40. History teaches... by ikhider · · Score: 1

    It's not about right or wrong, it's about what you can get away with.

    --
    "SO we bide our time, waiting for a purer kick to bloom and the future is still bleak, uncertain and beautiful" -GSYBE