Scams evolve with other technology. Using a third-party site to log into another site lessens the number of passwords you need to remember, however this scam gives your Facebook log-in info to hackers and could fool all but the most sophisticated users.
Ars Technica published the details of this new scam.
This was noticed because some users were not getting the expected auto-fill from their password manager (you *are* using a password manager, aren’t you?)
I use the open-source KeePassXC and the compatible Keepass2Droid to generate and store my passwords (I only need to remember *3* passwords!!). These programs use a “key file” as part of the log-in and I use Dropbox to sync the automatically-encrypted password database file (not as complicated as that sentence!).
My important sites, (especially Google, where Chrome stores my passwords, too) are set to require two-factor authentication (2FA) using Authy. This is ALL FREE and does not take much extra time.
I am willing to consult with my friends and associates! (I’ll use shorter sentences!) Contact me.