X

Facebook will no longer ask for your email passwords

It had been using them to verify some new accounts.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
See full bio
Sean Keane Former Senior Writer
Sean knows far too much about Marvel, DC and Star Wars, and poured this knowledge into recaps and explainers on CNET. He also worked on breaking news, with a passion for tech, video game and culture.
Expertise Culture, Video Games, Breaking News
See full bio
Alfred Ng
Sean Keane
2 min read
Internet Technology Photo Illustrations

Facebook was asking for some new signups' email passwords as a means of verification.

 Jaap Arriens/NurPhoto via Getty Images

You won't need to give Facebook your email password to sign up for a new account anymore.

After a Twitter user called out the social media giant over the practice on Sunday, Facebook has backtracked on the verification requirement.

When some people signed up on Facebook, instead of getting a verification email or a code sent to their phones, they would instead get a prompt to enter their personal email's password to verify their new accounts -- essentially giving login credentials to the social network. The news was first reported by the Daily Beast.

A Facebook spokesperson said that the passwords are not stored by the social network and that the verification method was only available to a "very small group of people." Facebook did not clarify how many people were shown this prompt. The feature was originally designed for people signing up on a web browser and using email providers that don't support OAuth, an open-source protocol that acts as a key for logins. 

"That said, we understand the password verification option isn't the best way to go about this, so we are going to stop offering it," Facebook said in an emailed statement on Tuesday.

Watch this: Here's how to use Google's Password Checkup tool

In March, Facebook CEO Mark Zuckerberg announced that the social network would be shifting to a privacy-focused platform, with security as a major talking point. Since then, however, Facebook has been at the center of multiple privacy and security lapses.  

The email password incident, for instance, follows the revelation last month that Facebook stored hundreds of millions of passwords in plain text on its internal servers, meaning they were open for staffers to see. In both cases, there was concern that the social network could see the login credentials. Facebook said it has never seen the passwords used for verification, although the feature had been available for several years.

Also last month, researchers disclosed a browser bug affecting Facebook Messenger that allowed snoops to read messages, and Facebook was caught tying phone numbers used for two-factor authentication to friend searches.

First published at 4:01 a.m. PT.
Updated at 4:45 a.m.: Adds more detail, at 5:29 a.m.: With response from Facebook.