Facebook to stop ‘beyond sketchy’ practice of asking for email passwords

3 Apr 2019

Image: Mactrunk/Depositphotos

Facebook will no longer ask some users for their email password as a means of verification after drawing criticism from privacy advocates.

As Facebook founder Mark Zuckerberg prepared to face questions from Irish TDs on the possibility of linking social media accounts with PPS numbers, revelations had already come out that some users were being asked for their email password as a means to access the social network.

First reported by The Daily Beast, the prompted message said: “To continue using Facebook, you’ll need to confirm your email. Since you signed up with [email address], you can do that automatically …” This reportedly appeared above a form asking for the users’ “email password”.

Realising the major concerns users could have with their privacy – not long after Facebook admitted that millions of users’ passwords were insecurely stored – the company said in a statement that it will no longer ask for users’ email account passwords.

“A very small group of people have the option of entering their email password to verify their account when they sign up for Facebook,” a spokesperson said.

“That said, we understand the password verification option isn’t the best way to go about this, so we are going to stop offering it.”

Following the original discovery, a security consultant named Jake Williams described this form of verification as “beyond sketchy”.

“They should not be taking your [email] password or handling your password in the background. If that’s what’s required to sign up with Facebook, you’re better off not being on Facebook,” he said.

A changed Zuckerberg

On the subject of privacy, Zuckerberg recently published an op-ed in various newspapers across the world calling on greater regulation of both his own creation and of other major internet players.

“Lawmakers often tell me we have too much power over speech, and frankly I agree. I’ve come to believe that we shouldn’t make so many important decisions about speech on our own,” he said.

More specifically, he called for regulation in four areas: harmful content, election integrity, privacy and data portability.

“Internet companies should be accountable for enforcing standards on harmful content,” Zuckerberg wrote. “It’s impossible to remove all harmful content from the internet, but when people use dozens of different sharing services – all with their own policies and processes – we need a more standardised approach.”

Person logging into Facebook. Image: Mactrunk/Depositphotos

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com