
Ask HN: Can I store someone's Facebook password? - twfbaskhn
I'm building a service that logs in to someone's Facebook account and automates some tasks on there. This runs in the cloud without explicit login from the user, after we have initial permission. The easiest way for me to do this is to simply ask them for their Facebook password and store it on my servers. However, I suspect Facebook might not approve of this? I'm having trouble wading through their docs and finding anything relevant about approved ways of doing this. Any suggestions?
======
Nextgrid
As long as you're transparent about it and there's no other way to do this (I
assume the API doesn't provide the features you need), it's a necessary evil.

However your biggest concern will be that logging into an account from a
different area & ISP than the user will raise security alerts and lock the
users out. I suggest you make a client-side solution instead (a desktop app or
even a browser extension) so it operates from the same IP address that the
user has.

~~~
newtwforgotold
Yea seems like the biggest problem will be Facebook’s hairpin ban hammer if
IP/geo/whatever isn’t to their liking. Good suggestion re client side, will
consider that as an option. Any other discussion groups you’d suggest on this
topic?

------
craftoman
Correct me if I'm wrong but I think it's unstable, you could launch it and
eventually get shut down by Facebook or users might get annoying security
alerts every time. I don't think it's possible because Facebook will get
tons of login requests from the same IP address (your cloud).

------
ecesena
I sincerely hope you’re kidding and the people who replied positively are your
fake accounts.

By doing that, your app will be almost immediately blocked, hopefully
banned, and likely also the user accounts banned.

The right way to do it is using fb api under its limitations. In addition, if
I recall correctly, you’ll need to refresh user’s token every 30d, so you prob
want an excuse for your users to come back to your site frequently, e.g. via
an email that shows weekly stats.

~~~
gesman
No need to go ballistic over OP's Q.

Automation of tasks is in demand and is a good win-win business model.

There are different ways to do that - API could be the one, and different
services do store users' passwords to help users to do what they want and need.

No need to scream "banned".

~~~
newtwforgotold
Indeed there are many legit use cases and new tech that could be built on top
of these platforms if they were more open.

GP brings up a good point about some recurring login mechanic, maybe something
like that would work.

PS. Any other recommended sites to discuss this topic?

------
raquo
They will not like that, and will likely take action against either you or
your users (depending on the nature of your service) if they notice. The approved
way is to use their API.

------
wprapido
Storing a password itself is not an issue. Password managers like LastPass do
that. The automation bit is what might get you into uncharted waters though.

