
Asking for passwords has been an industry standard for a decade or more. Bad security practice? Yes IMO but companies have been getting away with it.

Besides Facebook I can think of LinkedIn and Mint as two big examples of SaaS that ask for 3rd party passwords. Mint is even getting your banking information, whereas LinkedIn and Facebook were just doing contact import.

And of course, before the era of SaaS, giving applications passwords was normal, e.g. putting your email passwords into an email client like Eudora or Thunderbird. It only really becomes questionable in SaaS where the passwords inevitably end up on a server somewhere subject to a data breach, or, in Facebook’s case, misuse by another piece of its own software.


