Kevin Poulsen, the Daily Beast:
Facebook users are being interrupted by an interstitial demanding they provide the password for the email account they gave to Facebook when signing up. “To continue using Facebook, you’ll need to confirm your email,” the message demands. “Since you signed up with [email address], you can do that automatically…”
A form below the message asked for the users’ “email password.”
“That’s beyond sketchy,” security consultant Jake Williams told the Daily Beast. “They should not be taking your password or handling your password in the background. If that’s what’s required to sign up with Facebook, you’re better off not being on Facebook.”
It was just two weeks ago that Facebook admitted to storing the passwords of 600 million users in plain text logs.
Even setting aside that critical story and Facebook’s appalling track record on privacy — generally, but also when it comes to account security features — this is teaching users that entering the password to their email account is okay as long as they see some recognizable brand name on the page, regardless of whether it matches their email provider.
A reminder that it was just a year and a half ago that Facebook asked for users’ nude photos, too. I’m trying to think of what else they could possibly want from users that they don’t already have. A blood sample, perhaps?
Update: Facebook says that they will stop doing this.