Facebook has one of the worst reputations for privacy and security of personal information in the entire tech industry. It admitted last month that the passwords of up to 600 million users had been stored in plain text and were accessible to 20,000 employees. The company is facing a criminal investigation over sharing user details without the consent of the user, and the social network is also facing an FTC fine in the range of billions of dollars.
With all the problems that Facebook has encountered with sharing user data without permission, it would make sense that it wouldn't want access to information that it didn't need. However, reports indicate that Facebook is now asking some new users to give the password to the email account they are using to sign up for a new Facebook account.
Users are seeing a message that says, "To continue using Facebook, you’ll need to confirm your email. Since you signed up with [email address], you can do that automatically …" The form then asks for the user's email password. Security consultant Jake Williams says that what Facebook is doing by asking for the email password is "beyond sketchy." Williams also says that Facebook shouldn't be handling email passwords in the background and that if you need to give up such personal data, you are better off without a Facebook account.
Facebook has defended itself, stating that it doesn't store the email passwords. It has also stated that it knows asking for the email password isn't the best way of verifying an account and that it will stop asking for that information altogether. Facebook points out that the users had the option of verifying an account via a phone number or a code sent to their email even when asked for their email password. However, those other options were only offered to users who clicked on the "Need Help?" text in the corner of the page.