Responding to the latest in a never-ending series of security snags, Facebook has promised to stop requesting for email passwords in order to verify new accounts.
First reported by The Daily Beast, it came to light this week that Facebook was asking some new users for the sensitive information.
Initially defending the practice, Facebook said it only impacted a small fraction of new users, and that it never stored their email passwords.
Additionally, Facebook said the tactic was necessary because the users in question had email addresses that didn’t support OAuth -- an open standard that lets users verify their identities without revealing their passwords.
Yet, in response to mounting criticism, Facebook has seen the error in its ways.
“We understand the password verification option isn’t the best way to go about [vetting new users], so we are going to stop offering it,” the company stated.
For Facebook, the practice is remarkable for a number of reasons.
First, the company must appreciate the worth of an email password, which can be used across the Web to access all manner of sensitive information. Second, rather than assume the risk associated with handling users’ email passwords, Facebook would be wise to tread more carefully.
Indeed, the company rarely goes more than a week without some embarrassing security issue announced.
Most recently, Facebook said the passwords of hundreds of millions of users might have been exposed to its own employees. Late last year, Facebook said it might have mistakenly overshared the photos of nearly 7 million users.Research shows that consumers are more concerned about their personal privacy than ever before.