Just weeks after Facebook admitted storing hundreds of millions of users’ passwords insecurely, the social networking giant is now demanding some new users give up their outside email passwords.
Some new Facebook users who register with the social networking platform are greeted with a message asking them to provide the password for the email account they just signed up with.
“To continue using Facebook, you’ll need to confirm your email,” the message reads. “Since you signed up with [email address], you can do that automatically.”
But rather than direct the user to log into their outside email account to verify a link sent by Facebook, the user is asked to input their password directly into a Facebook form.
“That’s beyond sketchy,” security consultant Jake Williams told the Daily Beast blog. “They should not be taking your password or handling your password in the background. If that’s what’s required to sign up with Facebook, you’re better off not being on Facebook.”
In a response to an inquiry made by the Daily Beast, Facebook reiterated it does not store email passwords. The company also announced it will end the practice of asking new users to input their email passwords.
“We understand the password verification option isn’t the best way to go about this, so we are going to stop offering it,” Facebook wrote in an email to the Daily Beast blog.
Last year, Facebook was criticized for allowing advertisers to target users using their phone numbers that they provided to Facebook in order to receive a text message for two-factor verification.
Facebook recently began making user phone numbers searchable on Facebook “in defiance of user expectations and security best practices,” wrote the Electronic Foundation Frontier, a group dedicated to promoting Internet civil liberties.
Photo by Getty Images