Facebook has been caught asking some of the users for their email account passwords. This is considered to be the worst ever user-verification mechanism that can put the user’s security at risk.
Usually, some online service asks users to confirm a code or a unique URL sent to their email address they have provided while registering the account. But Facebook was asking some newly-registered users to provide them with the passwords to their email accounts. This is not a good idea as it could threaten privacy and security of its users.
This was first noticed by Twitter account e-Sushi using the handle @originalesushi. Facebook was prompting the users to provide their passwords for third-party email services, for the company to automatically verify their email addresses.
This prompt was done for email accounts from certain email providers which Facebook considers to be suspicious.
e-Sushi tweeted that he has tested it himself by registering 3 times with 3 different emails using 3 different IPs and 2 different browsers. 2 out of 3 times he faced that email password verification prompt soon after clicking “register account” on their front-page sign-up form.
Facebook confirmed the existence of such “dubious” verification process but also claims that it doesn’t store the user-provided email passwords on its server. They also stated that they would end the practice of asking for email passwords altogether.
Facebook also said that those users who were prompted for email passwords for account verification could have opted for other verification methods such as a passcode sent to their phone number or a link to their email address by clicking the “Need help?” button on the page.
It is always important to remember that never share your email password with anyone, or enter it into any website or any social media service, except the email service for which it is intended in order to avoid your passwords being stolen using “phishing attacks.”