Facebook is asking users to disclose passwords to their personal email accounts in order to access the social networking platform, the media reported. A message has been flashing on some Facebook users’ log-in screen, demanding them to enter the password of the email ID they built their Facebook account on, The Daily Beast reported on Tuesday.
“To continue using Facebook, you’ll need to confirm your email,” the message demands, followed by a form asking for users’ email password.
How widely the new measure was deployed remains unclear. In a statement, Facebook said users retain the option of bypassing the password demand and activating their account through more conventional means, such as “a code sent to their phone or a link sent to their email”.
“We understand the password verification option isn’t the best way to go about this, so we are going to stop offering it,” the report quoted Facebook as saying.
The additional login step was noticed over the weekend by a cybersecurity watcher on Twitter called “e-sushi”. The requirement from Facebook, which is already ill-reputed for user data and security breaches, has started making the rounds merely two weeks after Facebook admitted to having had stored around 200-600 million user-passwords in plain text, searchable by over 20,000 Facebook employees.