In 2018, Facebook had its worst year ever following the disclosure of Cambridge Analytica’s misuse of consumer data. However, four months in and Facebook’s 2019 isn’t looking much better. Thus far, the tech giant has been sued for discriminatory housing practices, criticized for insecure data storage, and threatened with dismantling by a U.S. senator.
Now, once again, Facebook is facing scrutiny for its unsavory business practices. Namely, the corporation has raised eyebrows by asking its users for their email passwords.
Why Facebook Wants User Email Passwords
Recently, Facebook has greeted users with an unusual prompt when logging into the site. The notice explains that to continue using the social network, consumers need to confirm their sign-up emails by inputting their email passwords.
However, cybersecurity experts have pointed out Facebook’s new confirmation method is a terrible data security practice. Security expert Jake Williams told The Daily Beast, “They should not be taking your password or handling your password in the background. If that’s what’s required to sign up with Facebook, you’re better off not being on Facebook.”
A company spokesperson explained that users had other options to verify their accounts, such as confirming a security code sent to their phones. But Fast Company pointed out this option had to be sought out by clicking a help link. The tech giant’s preference was to collect highly sensitive personal data.
Following the reveal of its new practice, the Silicon Valley firm has shut down its email verification initiative.
Pro tip: If Facebook (or any other site) ever asks for your email account password, the only proper response is: GTFO
Seriously, how did this *ever* get the green light in the first place? https://t.co/RiHt9RT2P4
— Kenn White (@kennwhite) April 3, 2019
Can We Trust Facebook?
The Big Tech organization also claimed they weren’t storing passwords, just using them for account authentication. That assertion is a bit hard to believe given Facebook’s recent spate of privacy scandals. Just weeks ago, users found phone numbers disclosed for two-factor identification purposes were made publically searchable.
Moreover, Facebook doesn’t always know what data it’s collecting on its users. Recently, Facebook discovered Facebook Lite, a low-data version of its network, had a serious network malfunction. A bug ended up archiving millions of user credentials in plaintext over a period of seven years.
Facebook only discovered that massive security vulnerability after running a security check following a massive data breach in October 2018. Consequently, it seems the corporation isn’t in control of the data flowing through its massive network. So, how can it reasonably ask consumers to trust them with email passwords?
Similarly, the tech firm’s demand that users give up sensitive personal information doesn’t fit with its leader’s pledge to make the platform more secure. In March, Facebook CEO Mark Zuckerberg wrote a long blog post outlining his vision of turning the network more privacy-focused.
More recently, the executive publically called for more regulation of the tech industry with privacy as a key point of concern.
If Zuckerberg is really serious about making his company secure and private, collecting data that would put users at greater risk doesn’t make sense. In reality, it seems the company is just up to its old tricks once again. Publicly, Facebook makes pronouncements about doing the right thing but privately it will keep doing whatever it wants.