Facebook demands a user's email account password when the user signs up for a new account. This information first came up when cybersecurity expert e-sushi posted a screenshot on his Twitter account explaining the issue. Let me first paste the screenshot below so that you can better understand what I am saying.
Now, as you can see in the screenshot above, Facebook asks him to give his email account password to continue the account creation process. If you look more closely, the local part of the email address is hidden. However, the domain part (which is the important part) is visible, i.e. @gmx.net. Now, one can easily create a custom email address like this by simply purchasing a domain. Therefore, it also raises questions about the accountability of this type of email address. So we decided to research this part some more.
Facebook Demands Email Account Password, but from Whom?
When we completed our research, we found that Facebook asks for the email password only from users whose email provider doesn't support OAuth. OAuth is an open standard for token-based authentication. If a domain supports OAuth, Facebook automatically authenticates with the email address on that domain. Giant companies like Google, Facebook, and Twitter use this security standard.
Facebook explained to The Daily Beast (which first covered this issue) that it asks for this data only from new users, and only when their email address does not support OAuth. In any case, it has now removed this requirement because it is going to implement a new way of authentication.
A Facebook spokesperson told The Daily Beast that the company looks forward to authenticating via mobile OTP or email OTP.
Now, sending an OTP to your mobile requires your mobile number. If you remember, last year Facebook let advertisers target users via their phone numbers. Users, on the other hand, had provided their phone numbers to the platform to activate two-factor authentication. The scandal went viral at that time.
We question the credibility and security of Facebook because in the past the company has given us great examples of data leaks, whether we talk about Cambridge Analytica or the storing of unencrypted passwords of millions of users, accessible to Facebook employees.