Facebook has been caught red-handed practicing the worst ever user-verification mechanism that could risk the security of the users. Usually, social media and / or the other online services ask the users to confirm a secret code or a unique URL that has been sent to their email addresses they have provided for their account registration. Lately, Facebook has been found asking some of the newly registered users to provide it with the passwords to their email address which as per the security experts is a security risk and could threaten the privacy and security of its users.
This incident has been first noticed by the Twitter account e-Sushi who was using the handle @originalesushi, Facebook has been prompting the users to provide their passwords for the third-party email services in the bid to verify the email addresses by the company. Although, the prompt for the password for the email accounts appears from certain email providers that the Facebook considers being suspicious.
Ironically, this news came out two weeks post the Facebook has admitted that it has stored some passwords mistakenly of hundreds of millions of its users for years in the company log insecurely in plaintext which were accessible to 2K employees of Facebook. The social media company has stated in Daily Beast that Facebook have confirmed that though there are some ‘dubious’ verification process but they does not store the user-provided email passwords on its server. Facebook also said that it is soon going to cease the procedure of asking the email passwords as it believes that the password verification procedure is not the best option to stick with. It was also noticed that the users who were asked to provide their email passwords could not opt for the other verification methods like the passcode sent to their registered phone numbers or a link to their email address by clicking the ‘need help’ button on the page.