There's no way that identifying it as an "anti pattern" is going to kill the practice of requesting credentials for other sites. For one thing, it's being done on the majority of social networking sites out there, including all of the most reputable ones, and for another thing it's something that a lot of people find very convenient.<p>At best, it'll become like opening zips and exe files. Users will have to become aware of the potential dangers, but the practice of providing the files will remain.
Yes but surely there are some legal issues abound here? these social networking sites are facilitating the data trawling applied by phishers and identity fraudsters.<p>I'm currently researching the PCI DSS for my employer, and I'm seeing this as the next potential milestone in security compliance. It's not just a matter of the general public becoming aware of the risks, like they have with credit card info, the users of the data must set in place secure standards to deal with identity data.
<a href="http://news.ycombinator.com/item?id=364901" rel="nofollow">http://news.ycombinator.com/item?id=364901</a><p>another contender for this suspect behaviour, for reference
Interesting note about placement of email address field adjacent to password field in light of contact importing becoming a defacto step in signup processes.