“Facebook is reportedly demanding users to enter passwords to email ID used to create a Facebook account for verification”
Social-media giant Facebook is reportedly seeking users to disclose passwords to their personal email accounts to gain back access to the platform. The report shows a message demanding users to enter the password for the email ID attached to Facebook on the log-in screen, as spotted by cybersecurity watcher with Twitter handle e-sushi. The message reads, “To continue using Facebook, you’ll need to confirm your email,” which then followed by a request asking users to enter the personal email ID’s password.
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you’re practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l— e-sushi (@originalesushi) March 31, 2019
How widespread the request to the enter the password is unclear at the moment. Facebook might be doing so to verify user details, but requesting the password is a bit too much. However, the company is also offering an option to bypass password request by activating the account through conventional methods like code verification sent to phone or link sent to email. These options to authenticate will be displayed on clicking “Need help?” present on the corner of the page.
Right after The Daily Beast report, Facebook claimed that it doesn’t store any data and will end the practice of requesting passwords altogether. In a statement, Facebook said, “We understand the password verification option isn’t the best way to go about this, so we are going to stop offering it.” Though it notes that “Facebook won’t store your password” below the password field, but how secure they are, given Facebook’s record, is a debate for another day. This comes right after Facebook admitted to having stored 600 million user-passwords in plain text that is accessible by its employees.