OPEN IN APP

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.

Facebook was asking for some new signups' email passwords as a means of verification.

Jaap Arriens/NurPhoto via Getty Images

You won't need to give Facebook your email password to sign up for a new account anymore.

After a Twitter user called out the social media giant over the practice on Sunday, Facebook has backtracked on the verification requirement.

When some people signed up on Facebook, instead of getting a verification email or a code sent to their phones, they would instead get a prompt to enter their personal email's password to verify their new accounts -- essentially giving login credentials to the social network. The news was first reported by the Daily Beast.

A Facebook spokesperson said that the passwords are not stored by the social network and that the verification method was only available to a "very small group of people." Facebook did not clarify how many people were shown this prompt. The feature was originally designed for people signing up on a web browser and using email providers that don't support OAuth, an open-source protocol that acts as a key for logins. 

"That said, we understand the password verification option isn't the best way to go about this, so we are going to stop offering it," Facebook said in an emailed statement on Tuesday.

Video: Here's how to use Google's Password Checkup tool

In March, Facebook CEO Mark Zuckerberg announced that the social network would be shifting to a privacy-focused platform, with security as a major talking point. Since then, however, Facebook has been at the center of multiple privacy and security lapses.  

The email password incident, for instance, follows the revelation last month that Facebook stored hundreds of millions of passwords in plain text on its internal servers, meaning they were open for staffers to see. In both cases, there was concern that the social network could see the login credentials. Facebook said it has never seen the passwords used for verification, although the feature had been available for several years.

Also last month, researchers disclosed a browser bug affecting Facebook Messenger that allowed snoops to read messages, and Facebook was caught tying phone numbers used for two-factor authentication to friend searches.

First published at 4:01 a.m. PT.
Updated at 4:45 a.m.: Adds more detail, at 5:29 a.m.: With response from Facebook. 

Comments

Tags

DIY Tech

How to tips and tricks for getting the most out of all your tech delivered to your inbox.

Tech Today

Video: Google ditches Android dessert code names, iPhone may go Pro

More From Security

More From CNET