Responding to the latest in a never-ending series of security snags, Facebook has promised to stop requesting for email passwords in
order to verify new accounts.
First reported by The Daily Beast, it came to light this week that Facebook was asking some
new users for the sensitive information.
Initially defending the practice, Facebook said it only impacted a small fraction of new
users, and that it never stored their email passwords.
Additionally, Facebook said the tactic was necessary because the users in
question had email addresses that didn’t support OAuth -- an open standard that lets users verify their identities without revealing their passwords.
Yet, in response to mounting criticism, Facebook has seen the error in its ways.
“We understand the password verification option isn’t the best way to go about [vetting new users], so we are going to stop
offering it,” the company stated.
For Facebook, the practice is remarkable for a number of reasons.
First, the company must appreciate the worth of an email password, which can be used across the Web to access all manner of sensitive
information. Second, rather than assume the risk associated with handling users’ email passwords, Facebook would be wise to tread more carefully.
Indeed, the company rarely goes more than a week without some embarrassing security issue announced.
Most recently, Facebook said the passwords of
hundreds of millions of users might have been exposed to its own employees. Late last year, Facebook said it might have
mistakenly overshared the photos of nearly 7 million users.
Research
shows that consumers are more concerned about their personal privacy than ever before.