Facebook asking users their email passwords for verification: Report
Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means.
Facebook is asking users to disclose passwords to their personal email accounts in order to access the social networking platform, the media reported.
A message has been flashing on some Facebook users' log-in screen, demanding them to enter the password of the email ID they built their Facebook account on, The Daily Beast reported on Tuesday.
"To continue using Facebook, you'll need to confirm your email," the message demands, followed by a form asking for users' email password.
How widely the new measure was deployed remains unclear.
In a statement, Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as "a code sent to their phone or a link sent to their email".
"We understand the password verification option isn't the best way to go about this, so we are going to stop offering it," the report quoted Facebook as saying.
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l— e-sushi (@originalesushi) March 31, 2019
The additional login step was noticed over the weekend by a cyber security watcher on Twitter called "e-sushi".
The requirement from Facebook, which is already ill-reputed for user data and security breaches, has started making the rounds merely two weeks after Facebook admitted to have had stored around 200-600 million user-passwords in plain text, searchable by over 20,000 Facebook employees.