« Back to the blog

Password Privacy

Spokeo is committed to protecting your private information.  For more about this, check the privacy links to the right.

Why does Spokeo ask for passwords?

Spokeo does not require you to supply third-party passwords to use the service.  You can sign up for Spokeo using any email address and password of your choosing.  However, providing this information will significantly enhance your experience on the site.  Spokeo is all about finding your friends’ content based on relationships you have already established in your other networks and through email.  You could enter all this information manually, but why would you?

Why does Spokeo ask for my email password?

This is for your convenience, so that we may quickly and easily find your friends and their content.  If you don’t want to give Spokeo your email password, you can still add your friends manually.  The Import Friends page accepts the standard CSV (Comma-Separated-Values) files exported by most email programs.  You can also add friends individually by entering their email address or profile URL into the search bar.

I don’t want you reading my email.

Honestly, we don’t want to read your email either – we get enough as it is.  Your email password, should you choose to trust us with it, will be used once and only once to retrieve a list of your contacts’ names and email addresses.  We do not store your email password, and are therefore unable to access your email account.

Let’s pretend I trust Spokeo, are my passwords safe?

Yes, Spokeo does not store your passwords directly.  Spokeo employees do not have access to them.  Even if our database got haxored by mean script kiddies, your passwords would still be safe.

Wait, I smell something fishy.  When I log back in to Spokeo, I use my email password!  How did you know it!?

Spokeo uses modern cryptographic hash functions to store your login password.  Specifically, we store a one-way hash of your actual password.  This means that we can verify when you have correctly entered your password, but don’t actually know it ourselves.  The mathematicians tell us this is safe, and your banks and financial institutions do the same thing.

Okay, but what if I give you my social network account password?  Don’t you need that to access my friends’ private content?

Yes, this is a tricky case.  What we do here is store a hashed version of your social network password that can only be unlocked using your login password.  This means that we only have access to your social network password at the moment you login.  We quickly grab your friends’ stuff and then forget your password.  Your social network password is never stored insecurely.

I’m still not entirely comfortable giving you my passwords.

That’s understandable.  Spokeo also supports Google, Yahoo! and Windows Live (Hotmail) authentication APIs. This allows security-conscious users to create a Spokeo account without handing over their webmail credentials.

What about AOL?

Unfortunately AOL doesn’t provide a webmail authentication API. We fully intend to support one, should they ever implement it.

Where can I learn more?

You can read about Google AuthSub here, Yahoo! BBAuth here, or Windows Live (Hotmail) Delegated Authentication here.