Facebook is Demanding Some Users Share the Password For Their Outside Email Account (thedailybeast.com)

← Back to Stories (view on slashdot.org)

Facebook is Demanding Some Users Share the Password For Their Outside Email Account (thedailybeast.com)

Posted by msmash on Wednesday April 3, 2019 @02:01AM from the topsy-turvy-world dept.

An anonymous reader shares a report: Just two weeks after admitting it stored hundreds of millions of its users' own passwords insecurely, Facebook is demanding some users fork over the password for their outside email account as the price of admission to the social network. Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. "To continue using Facebook, you'll need to confirm your email," the message demands. "Since you signed up with [email address], you can do that automatically ..." A form below the message asked for the users' "email password."

"That's beyond sketchy," security consultant Jake Williams told the Daily Beast. "They should not be taking your password or handling your password in the background. If that's what's required to sign up with Facebook, you're better off not being on Facebook." In a statement emailed to the Daily Beast after this story published, Facebook reiterated its claim it doesn't store the email passwords. But the company also announced it will end the practice altogether. "We understand the password verification option isn't the best way to go about this, so we are going to stop offering it," Facebook wrote. It's not clear how widely the new measure was deployed, but in its statement Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as "a code sent to their phone or a link sent to their email." Those options are presented to users who click on the words "Need help?" in one corner of the page.

36 of 194 comments (clear)

Min score:

Reason:

Sort:

This is amazingly retarded by Anonymous Coward · 2019-04-03 02:06 · Score: 5, Insightful

What kind of dumb fuck thought this was a good idea? Fire every idiot involved in this decision immediately, as they have collectively proven to be pants shitting retarded, even by Silicon Valley diversity hire standards.
1. Re:This is amazingly retarded by Durrik · 2019-04-03 02:36 · Score: 3, Informative
  
  Probably PCI (Payment Card Industry). They're anal about the software development process and how features get onto web sites that deal with credit cards.
  
  --
  Software Engineer & Writer of Military Science Fiction and Fantasy Blog: petermwright.com Twitter: WrightPeterM
2. Re:This is amazingly retarded by gweihir · 2019-04-03 02:42 · Score: 4, Insightful
  
  It is _Facebook_. Anybody working there has already exhibited exceptionally bad judgement.
  
  --
  Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
3. Re:This is amazingly retarded by tlhIngan · 2019-04-03 05:13 · Score: 2
  
  What kind of dumb fuck thought this was a good idea? Fire every idiot involved in this decision immediately, as they have collectively proven to be pants shitting retarded, even by Silicon Valley diversity hire standards.
  Except doesn't Facebook already give you the option to pre-populate your friend list by simply letting it have access to your inbox?
  I remember it asking for an email account and password, so it can scan your inbox and add your friends and contacts automatically, and has been doing so for over a decade now...
4. Re: This is amazingly retarded by taustin · 2019-04-03 05:18 · Score: 3, Insightful
  
  I declined and won't ever give them money.
  ITYM "I won't ever give them my money." Every time you use FB, you give them money from the advertisers.
  Remember, you're not the customer, you're the product. Which is why they want to scan through your private email, so they can target their ads more precisely (or at least claim they do).
  You know, the same way Google does with Gmail.
5. Re:This is amazingly retarded by ripvlan · 2019-04-03 06:32 · Score: 2
  
  Obviously they lack a secure life cycle process. Why not just send the password to Troy Hunt?! He's collecting them too. I haven't read their statement, but I'm sure its something like "don't worry, your data was safe with us, nobody else had access to it (except that TXT file on the internal share). But to make you'all feel more comfortable we've decided to sunset the feature. Why, it wasn't even our long term direction and was already on the retirement list."
  Who could have possibly thought this was a good idea?! There must be a lot of autonomy in the lower ranks to create something like this. I see how the feature possibly came about - making verification easier. But Seriously -- WTF?! The message isn't making it down from the big Zucker himself OR this is how his ship runs.
  The story that they were logging passwords in a file share, and now this, shows how unconnected they are. So what other piece of your privacy are they not-keeping around?!
6. Re:This is amazingly retarded by dgatwood · 2019-04-03 10:03 · Score: 2
  
  Except doesn't Facebook already give you the option to pre-populate your friend list by simply letting it have access to your inbox?
  There's a very big difference between making something an option and implying that it is the ONLY option, which is what this does. The fact that you can click a help button and only THEN be offered a non-invasive option for verifying your account is likely a violation of dozens of laws, both state and federal.
  Shut them down.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
Ominous.... by Freischutz · 2019-04-03 02:09 · Score: 5, Funny

Facebook began to learn at a geometric rate about three months ago. It became self-aware at 2:14 AM, Eastern time, April 1st, 2019 and began forcing all users to surrender their e-mail passwords as part of its terrifying plan to dominate the Herbal Viagra industry by seeking out all competing vendors and destroying their internet presence.
1. Re:Ominous.... by The+Grim+Reefer · 2019-04-03 02:27 · Score: 2
  
  Wasn't this more or less the plot to Terminator: Genisys?
  Yes. It's so much funnier when you explain a joke. I'm sure you're very popular in the audience at comedy clubs.
2. Re:Ominous.... by Freischutz · 2019-04-03 02:55 · Score: 2
  
  Wasn't this more or less the plot to Terminator: Genisys?
  Oh, it is completely shameless plagiarism. I just cannot for the life of me imagine that Facebook will do something sensible (from the point of view of a soulless unfeeling AI) when it becomes self aware like wiping out humanity. Self aware Facebook will be the AI equivalent of Sarah Palin.
That's the opposite of understanding! by bickerdyke · 2019-04-03 02:09 · Score: 2

So facebook "understand[s] the password verification option isn't the best way to go about this"? Yes?
Sorry, but anyone in a company that does not understand that this is a horrible idea before anyone can stop the intern to waste more than 10 minutes coding what should be printed in the dictionary next to "bad idea" deserves to be hit by lighning when taking a dump!

--
bickerdyke
1. Re:That's the opposite of understanding! by Anonymous Coward · 2019-04-03 02:13 · Score: 2, Funny
  
  So facebook "understand[s] the password verification option isn't the best way to go about this"? Yes?
  Sorry, but anyone in a company that does not understand that this is a horrible idea before anyone can stop the intern to waste more than 10 minutes coding what should be printed in the dictionary next to "bad idea" deserves to be hit by lighning when taking a dump!
  To be clear, NOW they "understand".
  They just had to have someone explain it to them. With crayons.
2. Re:That's the opposite of understanding! by DontBeAMoran · 2019-04-03 02:27 · Score: 2
  
  Not with crayons! Those idiots will shove those up their noses!
  
  --
  #DeleteFacebook
To every rule, an exception by TigerPlish · 2019-04-03 02:13 · Score: 3, Interesting

There's this thing that says "Cockup before Consipiracy" but with the sheer number of cockups coming out of Facebook, one does wonder if they've crossed into Conspiracy some years ago.
I say yes, yes they did. This is kinda the final last straw -- why take peoples' email passwords?

--
The "Civilized World" jumped the shark ca. 1973.
1. Re:To every rule, an exception by AuMatar · 2019-04-03 03:12 · Score: 2
  
  That actually is a great description of Facebook. If you can get one other engineer to approve a code review, you can push absolutely anything to master and have it deployed with the multiple times daily automatic deployment.
  
  --
  I still have more fans than freaks. WTF is wrong with you people?
2. Re:To every rule, an exception by squiggleslash · 2019-04-03 03:28 · Score: 2
  
  This is kinda the final last straw -- why take peoples' email passwords?
  
  Facebook makes its money by selling your most private, intimate, information to third parties. How much do you think a big file of passwords is worth?
  
  --
  You are not alone. This is not normal. None of this is normal.
3. Re:To every rule, an exception by TigerPlish · 2019-04-03 05:07 · Score: 3, Insightful
  
  even Apple reads emails now to determine a Trust Score[0]) would normally be more guarded.
  Even in the /. article about that it was said that what apple does is see how many emails and calls are made from the device to detect sudden changes in usage that could signal a compromised device -- not that they're reading your mail.
  I'm not saying they're not, but what I'm saying is don't say things in a way that gives the wrong impression. This is how rumors and half-truths get started.
  
  --
  The "Civilized World" jumped the shark ca. 1973.
Straight from the horse's mouth by JoeyRox · 2019-04-03 02:16 · Score: 5, Informative

Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted Friend's Name]: What? How'd you manage that one?
Zuck: People just submitted it.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb fucks
1. Re:Straight from the horse's mouth by Miser · 2019-04-03 03:25 · Score: 2
  
  This needs to be posted all over every time a Facebook article makes the rounds.
  How folks don't understand that the Zucc does NOT have their users (the product) best interests at heart is beyond me. .... and these kind of shenanigans is exactly why I do not have a Facebook account, and never will. I'm sure they have a shadow on me, and I'd love to know a way to (for lack of a better term) FOIA that info from them.
  -Miser
I'm sorry but... by Anonymous Coward · 2019-04-03 02:18 · Score: 2, Insightful

If you still use Facebook.
*Point*
*Laugh*
If your business uses Facebook.
*Point*
*Laugh*
*Do business elsewhere*
Not any more ... by schwit1 · 2019-04-03 02:19 · Score: 3, Informative

https://www.cnet.com/news/face...
You won't need to give your email to sign up for a new account anymore.
After a Twitter user called out the social media giant over the practice on Sunday, Facebook has backtracked on the verification requirement.
Cold Leftovers by BECoole · 2019-04-03 02:26 · Score: 2

from April Fool's Day?
facebook is evil by renegade600 · 2019-04-03 02:29 · Score: 4, Informative

It is because of stupid and ridicules actions such as this is the reason I refuse to have a facebook account. you just cannot trust them.
That is great by houghi · 2019-04-03 02:33 · Score: 4, Funny

Those options are presented to users who click on the words "Need help?" in one corner of the page.
"But the plans were on display..."
"On display? I eventually had to go down to the cellar to find them."
"That's the display department."
"With a flashlight."
"Ah, well, the lights had probably gone."
"So had the stairs."
"But look, you found the notice, didn't you?"
"Yes," said Arthur, "yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard.'"

--
Don't fight for your country, if your country does not fight for you.
becoming the norm, sadly by Tom · 2019-04-03 02:36 · Score: 5, Informative

"beyond sketchy" is putting it very mildly.
This is the behaviour of scammers, period.
Nobody should ever need my password to any account on any other site. Ever. Period, end of discussion. Everyone who asks for it is trying to pull a fast one or is so much beyond stupid that it amounts to the same thing.
Sadly, they aren't the first. There's a service over here in Europe where you can pay online at any website with a bank transaction even if you don't have a credit card (for you Americans: There are people older than 3 years that don't have a credit card in Europe, believe it or not). All they need is your bank number and PIN.
How anyone would give a 3rd party service the login details to their bank account is completely beyond me, but apparently people do because the service is still operational.
Far from what we should be teaching users, we teach them all the wrong things, and then complain that they're stupid. They're not. They just get stupid messages from people who should know better.

--
Assorted stuff I do sometimes: Lemuria.org
1. Re:becoming the norm, sadly by Anubis+IV · 2019-04-03 04:30 · Score: 2
  
  How anyone would give a 3rd party service the login details to their bank account is completely beyond me
  Practically every bank, retirement account service, or online budgeting tool I've seen allows you to link your (other) bank account(s)...by providing your username and password to that other bank/service. The premise being sold to the customer is that each one wants to be the one-stop shop where you can do all of your banking/planning, so each ones wants to display all of your financial data in one place. Of course, I'm sure they also love knowing who's out-competing them for your business, how much money people have that they haven't managed to capture for themselves, and any number of other metrics.
Simplify this by Trailer+Trash · 2019-04-03 02:37 · Score: 4, Informative

...you're better off not being on Facebook.
Note that this clause works well even without any qualifiers.

--
Do you have ESP?
Email Verification by laie_techie · 2019-04-03 02:54 · Score: 4, Insightful

What happened to just sending a verification code to the email to verify that you have access to it? I would never give a password to a 3rd party. And to iterate, I would never give my password to any employee of my email provider either.
Re:You know how IT looks at users? by flippy · 2019-04-03 02:57 · Score: 3, Insightful

I couldn't care less if "Facebook never gets your password". It would pass through their servers, and that's simply unacceptable to me. If they ever asked me to do that, I'd shut down my account in a heartbeat. For the record, I am both an IT and security professional. This is Facebook, people, not critical national security infrastructure. There is not, never has been, and never will be a need for them to have that level of information.
Re: what about 2FA? by peragrin · 2019-04-03 03:07 · Score: 2

Google had bypasses for 2fa for companies.
I have 2fa setup and recently aithoriZed a third party to access my Google photo albums.
Did this on purpose so I can dymaically update my digital photo frames. However that company now has a unique password only.
Facebook also can get such access until you revoke it in Google.

--
i thought once I was found, but it was only a dream.
Re:Nothing new by nitehawk214 · 2019-04-03 03:11 · Score: 2

Also, tons of "social networking" sites ask for your email password, and have done so for decades. To "conveniently scan for your friends". It also spams said friends and compromises your email permanently.
Anyone giving their email password over to a third party is a moron.

--
I'm a good cook. I'm a fantastic eater. - Steven Brust
I drew the line by Grand+Facade · 2019-04-03 03:14 · Score: 5, Insightful

When Facebook demanded legal proof of my name.
They locked me out of my account.
That was years ago, and I don't regret refusing disclosure.

--
Rick B.
It's time. by Rick+Schumann · 2019-04-03 03:32 · Score: 2, Informative

It's time for Facebook to be eliminated. Burn it to the ground. Every hard drive, every SSD, every backup tape. Drop Zuckerberg into an oubliette. Enough is enough.
1. Re:It's time. by Nkwe · 2019-04-03 04:13 · Score: 2
  
  It's time for Facebook to be eliminated. Burn it to the ground. Every hard drive, every SSD, every backup tape. Drop Zuckerberg into an oubliette. Enough is enough.
  We should also eliminate drugs, alcohol, tobacco, gambling, and a lot of other things that are risky and ruin lives. The problem is that people want these things and are willing to accept the risks involved (perhaps unknowingly accept the risks, but still accept nonetheless.) Facebook really isn't any different.
Re:April Fools! by Rob+Y. · 2019-04-03 03:39 · Score: 2

Bingo. This can't be real. The fact that Facebook is bad enough for people to believe it (even momentarily) says plenty - about Facebook and about our own susceptibility to paranoid fantasies - even if this was just meant as a joke.

--
Posted from my Android phone. Oh, I can change this? There, that's better...
Reading comprehension anyone? by mopower70 · 2019-04-03 06:13 · Score: 2, Informative

Does anyone actually read anymore or is it just knee-jerk reactions to click-bait pull words? Yes, Facebook DEMANDS you validate your e-mail address. Pretty much every site on the planet does. Facebook OFFERS to allow you to be an idiot and give them your password to do it. Exactly zero percent of this headline or the click-baity article is accurate.