Facebook gets 'caught up' asking users to provide email passwords

Facebook has recently been 'caught up' using a truly 'bad' user verification mechanism, which can endanger users of the world's largest social networking platform.

Usually, social media platforms, or any other online service, will require users to confirm their account through entering a secret code or a unique URL sent to the address. The email they provided during account registration.

Facebook gets 'caught up' asking users to provide email passwords Picture 1

1. Detects 540 million Facebook user data publicly stored on Amazon servers

However, besides requiring the usual email address entry, Facebook has been found to require some new users to provide their email account password for this social networking site. Such a mechanism of user verification according to many security experts is 'the idea cannot be worse, because it can directly threaten the privacy and security of users' data.

More specifically, this 'strange' verification mechanism was first noticed by a Twitter user with the nickname e-Sushi (@origenesushi). Accordingly, the Twitter account holder has discovered that Facebook requires users to enter the password of third-party email services for Facebook, so that this social network can "automatically" confirm. proving their email address.

Facebook gets 'caught up' asking users to provide email passwords Picture 2

1. 'Twitter, Facebook and Instagram are dangerous diseases spreading worldwide'

However, this request only appears for email accounts from certain email providers that Facebook deems suspicious.

"I have checked this problem myself by trying to register an account 3 times with 3 different email accounts, and simultaneously using 3 separate IPs as well as 2 different browsers. The result is 2 of them. Three times I had to face the request to enter the email password to verify it immediately after clicking on the 'register account' button on the Facebook account's home page. This authentication mechanism ', nickname e-Sushi shared.

Unfortunately, this news came out only two weeks after Facebook admitted that they had "mistakenly stored" about 200 million to 600 million user passwords in plain text, ie unencrypted. At the same time, a series of bugs existed that made many Facebook applications allow anyone of the company's 2000 employees to have internal access to the password store.

Facebook gets 'caught up' asking users to provide email passwords Picture 3

1. Will Facebook pay for the posts included in the dedicated news tab of this social network?

In a statement sent to the Daily Beast, Facebook confirmed the existence of such "suspicious" email verification process, but did not forget to declare that they did not proceed to store the email password because user provided on his server. Besides, this social networking site also pledged to completely terminate the "unique" authentication method above.

"We understand that the email password authentication option is not the best option to solve user verification, so Facebook will stop running this authentication method," Facebook representative said.

Besides, Facebook also noted that users can switch to select other account verification methods, such as sending one-time authentication code to the phone number registered, or sending the link to the address. Only the user's email by clicking on "Need help?".

Facebook gets 'caught up' asking users to provide email passwords Picture 4

1. Many of Mark Zuckerberg's old posts disappeared 'leaving no trace', Facebook said they had . mistakenly deleted

A number of Facebook's controversial privacy and privacy incidents have been noted recently:

1. Facebook admits storing millions of user passwords in plain text.
2. 30 million Facebook accounts were hacked using stolen access tokens.
3. Facebook pays minors $ 20 to collect their private data.
4. Facebook acknowledges that the public data of 2.2 billion users has been compromised.

After all, the key point to keep in mind here is never share your email password, or any of your account passwords with anyone, or enter it on any page. Which web or social media service, except those designed to protect your password against phishing attacks, such as password management tools.