What am I missing here? I have to type my password when I log in to Facebook. They are probably storing a hash of each of the users' passwords (after changes) and then comparing against index[0]?
So what are they doing with that? How can they verify it? Are they actually logging into your email account with that? Surely (BigCompany) measures would prevent that?
They send you a confirmation email, and then, instead of you logging into your email account and clicking the verification link, they ask for your email account password and log into your email account for you and click the verification link for you.