Facebook has halted a sketchy practice of asking some new users for their outside email credentials in order to verify their accounts. After a Twitter user on Sunday shared a screenshot of Facebook asking them for the password to their email, the social media large faced intense criticism from security professionals. A spokesman for Facebook told The Daily Beast that it would no longer engage in this practice.
Facebook has maintained that the password prompt solely appeared for a small variety of users, specifically new users who were signing up for Facebook on desktops with email addresses that didn’t support OAuth. OAuth, which is an open standard security protocol used by Google, Amazon, Twitter and Facebook, lets users grant third-party clients access to their info without giving them their password.
Engadget tested the company’s claim on Tuesday morning that it no longer asks for email passwords, and it checks out. We signed up for a brand new Facebook account with an iCloud email address, which doesn’t use OAuth. Facebook then sent a five digit security code to that iCloud email; it conjointly sent a separate email with a “Get Started” link, both of which could be used to get into the new Facebook account — however crucially, it never asked us for the e-mail account password.
Facebook is facing a lot of scrutiny over how it handles user passwords after various privacy transgressions over the past year. Whereas the social media large is always fast to repair whatever initial problem happens, the very fact is that new problems always crop up. If a 3,000 word manifesto released last month by ceo Mark Zuckerberg on a new “privacy-focused” vision for the company is to be believed, the company wants to take privacy seriously from the top-down. However the recent evidence isn’t too encouraging.