How secure could this be?
I’ve refused to engage this way before. Don’t they have access to my email?
I think these websites are using your email address for the login username for their website, and then are asking you to create a password to access the site. Generally, one would create a password different from one’s email account password.
You might be confused. You’re not supposed to enter the password to access your email to the site or use the same password when setting up an account at that site. Using the same password for different things isn’t very secure because if one site is compromised, hackers will use the credentials stolen in that breach to access other sites.
How secure any particular site is depends on how they are setup on their backend. Some are extremely secure and some are not secure at all. Some sites store user passwords as plain text. That’s bad.
Even if you used the same password as your email program, that does not grant access to your emails themselves. The company cannot read your emails directly, if that’s what you mean?
Many years ago (2006?) my sister asked me to setup a Facebook account. It also wanted my email password. I laughed in its face, and it has never darkened my door again.
Yes, if you give anyone your email address and your email password, they can open your email.
No, Facebook doesn’t want your email password. It wants your email address and a novel Facebook password.
Actually Facebook does ask if you’d like Facebook to access your e-mail account and copy your contact info, so it can suggest them as your Facebook friends. Of course this is strictly optional.
Yes, it’s not a requirement.
You are not supposed to use your email password (or any other you have), you should make up a unique password for that site. But this technique is ripe for a scam because so many people will just enter their email password. Now, if you will excuse me, I have to design a website that sends free holiday gifts to your grandchildren if you sign up today.
I had a credit card company ask me for my Bank password so they could set up online bill pay.
I canceled the card for having the gall to ask such a thing. I pay pretty much everything online. Not once have I ever been asked for my bank’s password. WTF?
There’s also social login which allows you to log in to a site using authentication from another place where you’ve already got a login, such as Google, Facebook, Twitter, etc. In that case you are not sharing your password with the site, you are indeed logging in via the other site. The other site sends back a token to the original site letting them know you’re authenticated. There’s no local storage of passwords and the original site doesn’t know your third party site’s login info. There is some sharing of other data, though (like, your Facebook email address for example) which should be outlined when you choose the third-party login.
You could have just ignored the request; there was no need to cancel the credit card. If you want the credit card company to initiate the payment from your bank, they may need access to your account to do so.
(I have email from Chase asking me to provide my annual salary, as doing so “may qualify me for a credit limit increase.” I’ve ignored that request and never considered cancelling my credit card account over the request.)
I have a yahoo address that I use for sites like this. When you go to a store and they want your email to send you promotional stuff, etc. I’m very careful about giving out my main email address. As a result, I get virtually NO spam at my main address and nothing but spam at my yahoo address.
And no, they don’t want your email password (why on earth would they??), they want you to CREATE a password to use on that particular site.
While Grrr! could have just ignored that request, I’d assume that any credit card company doing something as security-blind as asking for banking passwords is probably doing other stupid things with their security, too, and that it’s thus safest to have nothing at all to do with them.
They don’t need my password. They could use my debit card or account number like every other company does.
Exactly.
OP here. To clarify: My experience was that it wanted my email address to use for my name, to ID me, for the purpose of registering me to purchase on their site. If I enter a newpassword I get the message that it is wrong, and to enter a “correct” password. To me this means they want my actual password, and I can’t make one up.
Maybe I’m wrong and I just need to put dummy entries in in a way I haven’t seen.
See above. They wouldn’t accept a “new” password.
I used to have a system of mulit email addresses but after a while “viruses” got into my system. Life caught up with it.
Is the message saying that the password does not meet their security requirements? Some sites have restrictions; the password must be at least eight characters, must have some uppercase letters and some lowercase letters, must have numbers, must have a special character, etc.
I think they are asking you to log in with the password you previously created for THAT site. There’s usually a separate button for setting up an account on the site.
I can’t recall ever being asked for my email password. I mean, maybe Facebook did (I would have said “no”) but it’s super-rare. I’m pretty sure you are misunderstanding.
Yeah, it sounds to me like the OP doesn’t yet have an account on the site, and is clicking a link to “Log In”, instead of the link to “Sign Up”.