When you sign up for a new online service and you’re required to activate your account, all you need to do generally is click on an activation link and you’re done. However, Facebook has decided to demand the passwords of the email accounts that new users are using to sign up for the service. Not a good idea.
This news is according to a recent tweet by e-sushi who shared a screenshot that showed Facebook asking for the email password. This password is not the password to the user’s Facebook account, but the password to the email that they used to sign up for Facebook, something that no one else, other than the user, should ever have access to.
Security consultant Jake Williams says, “That’s beyond sketchy. They should not be taking your password or handling your password in the background. If that’s what’s required to sign up with Facebook, you’re better off not being on Facebook.”
Facebook has responded by saying, “We understand the password verification option isn’t the best way to go about this, so we are going to stop offering it.” The company also reassures that it does not store email passwords, but then again we can’t say that this is 100%. We don’t know if Facebook would have continued with this practice had it not gotten the negative attention.