Just two weeks after admitting it stored hundreds of millions of its users’ own passwords insecurely, Facebook is demanding some users fork over the password for their outside email account as the price of admission to the social network.
Facebook has become the social media version of the Mark of the Beast, and their latest attempt at invading your privacy will really anger you. Hundreds of thousands of new users, when signing up for a Facebook profile, were greeted with a popup box that asked them to not only confirm their email, but demanded their email password as well. This new ‘feature’ is called ‘password verification‘, and it was met with instant outrage.
For years now, we have be following the end times exploits of Mark Zukerberg and his One World social system called Facebook, and with each passing year things get worse and worse. We have gotten so used to communicating on Facebook that we no longer see it for the prophetical fulfillment it truly is. As of 2018, Facebook had 2,300,000,000 daily users posting and reading content around the globe, and is growing at a rate of 17% each year. Is short, it is the single greatest communication device ever conceived by mankind, second only to the Internet itself.
Remember years ago, when all these things were still yet future, and we were all so sure we would be able to recognize the One World System when it showed up and vowed to never be a part of it? Well…looks like we didn’t do so well with that one. It’s here and we’re in it.
‘Beyond Sketchy’: Facebook Demanding Some New Users’ Email Passwords
FROM THE DAILY BEAST: Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. “To continue using Facebook, you’ll need to confirm your email,” the message demands. “Since you signed up with [email address], you can do that automatically …”
A form below the message asked for the users’ “email password.”
“That’s beyond sketchy,” security consultant Jake Williams told the Daily Beast. “They should not be taking your password or handling your password in the background. If that’s what’s required to sign up with Facebook, you’re better off not being on Facebook.”
In a statement emailed to The Daily Beast after this story published, Facebook reiterated its claim it doesn’t store the email passwords. But the company also announced it will end the practice altogether.
“We understand the password verification option isn’t the best way to go about this, so we are going to stop offering it,” Facebook wrote.
It’s not clear how widely the new measure was deployed, but in its statement Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as “a code sent to their phone or a link sent to their email.” Those options are presented to users who click on the words “Need help?” in one corner of the page.
Hey @facebook, demanding the secret password of the personal email accounts of your users for verification, or any other kind of use, is a HORRIBLE idea from an #infosec point of view. By going down that road, you're practically fishing for passwords you are not supposed to know! pic.twitter.com/XL2JFk122l
— e-sushi (@originalesushi) March 31, 2019
The additional login step was noticed over the weekend by a cybersecurity watcher on Twitter called “e-sushi.” The Daily Beast tested the claim by establishing a new Facebook account under circumstances the company’s system might flag as suspicious, using a disposable webmail address and connecting through a VPN in Romania. A reporter was taken to the same screen demanding the email password.
“By going down that road, you’re practically fishing for passwords you are not supposed to know!,” e-sushi wrote in a tweet.
Small print below the password field promises, “Facebook won’t store your password.” But the company has recently been criticized for repurposing information it originally acquired for “security” reasons.
Last year Facebook was caught allowing advertisers to target its users using phone numbers users provided for two-factor authentication; users handed over their numbers so Facebook could send a text message with a secret code when they log in. More recently the company drew the ire of privacy advocates when it began making those phone numbers searchable, so anyone can locate the matching user “in defiance of user expectations and security best practices,” wrote the Electronic Frontier Foundation, a civil liberties group.
Facebook also has a checkered history when it comes to securely handling passwords. Last month the company acknowledged that unencrypted passwords for hundreds of millions of its users had been stored for years in company logs accessible to 2,000 employees. READ MORE