FaceBook is Secure!

FB is so secure that even an account owner cannot login if two-factor authentication is turned on for a cell phone that no longer exists.

[Skip Lamentations and go directly to Proof of Life photo below]

I lost access to my Facebook account as a result of FB’s two-factor authentication ‘feature’ (though it seems more like four-or-more factor authentication, given all the optional contact info FB has for me). 

I made the mistake of allowing FB to pester me into giving them a cell phone number a couple years ago. Unfortunately, that cell phone went extinct due to the provider no longer supporting it. On Mar 4 I had to clear cookies to resolve a problem with our local bank’s new online portal. Now FB will not let me login without also entering a code FB is texting to a non-existent cell phone (I was able to login to all other sites, even a couple using two-factor authentication, since they are smart enough to offer to call a landline and vocalize the two-factor code).

Facebook apparently has no option to use an email (or alternate email) as a ‘second factor’ (though either email is apparently considered good enough for password reset codes).

Nor does FB offer to call our landline phone and vocalize the code (despite landlines being far more secure than cell phones, which are easily lost, stolen, or dropped into public toilets). 

FB does provide an option to upload a picture of a government issued photo ID,  But that doesn’t work either, because FB software will only accept a picture taken by the cheap web cam on my laptop, with no option to upload a picture from a better digital camera. Naturally, FB rejected the web-cam photo of my driver’s license and wants me to use the crappy web-cam to take a picture of a different photo ID (of which I have none). 

WV driver’s licenses (like many states I presume) are laminated (i.e. very glossy/reflective) and are intentionally designed to make the license very difficult to photograph or photocopy, with three holographic images embedded within the lamination and subtle colors on the license. No wonder FB has so many zombie accounts that are impossible for the account owner to recover.

I even tried resetting my password (which I was allowed to do). The first time I tried, FB rejected my attempt for having typed my email address ‘too fast.’  Of course, ‘too fast’ will be the result for anyone using the auto-fill feature of any modern web-browser or password manager. Despite eventually being allowed to change the password from an alternate email address, FB still wouldn’t let me actually login without providing a code they were texting to a phantom phone.

I did learn that there is a method for logging in when you don’t have access to your cell phone (or, if like ours, it becomes extinct). But you need to have previously generated and saved a set of emergency authentication codes. If one doesn’t discover this option till after not being able to login, it’s too late. Another hedge against being locked out by two-factor authentication is to keep two or more devices or browsers logged into FB (alas, I was previously only logged in from my laptop).

Unsurprisingly (given the size and absurdity of the bunker mansion Zuck is building), it’s apparently impossible to contact FB via email or any other way, especially if you can’t login. All  FB email addresses I found via duck-duck-go/google seem to bounce. In fact, many web pages on ‘how to contact FB’ suggest using Twitter or LinkedIN after you realize there’s no functional way to contact FB via email, web-form, chat, or phone (as if using some other social media to contact FB stands a snowballs chance, duh!!!)). 

Even after creating and logging in to a new account, I couldn’t find anyway to contact FB for actual help, nor any live-esque chat intended for lowly FB users (there were options for advertisers, but not for users FB’s advertisement revenue depends upon).  I did leave several 500 character feedback sound bytes by clicking ‘No’ on the ‘Did this help?” option at the bottom of every FB help page that didn’t help.

The only way I could find to leave a longer, account specific message to FB was to create a new account and leave a ‘suggestion’ about logins, which will likely never be read by any one who can actually help me. Apparently the people I need to contact are well protected behind many veils and dead end ‘help’ pages (if such people even still exist at FB).

As a last Hail Mary to recover my original account I may resort to sending a registered letter to Mark Z at 1 Hacker Way, Menlo Park, CA.

In the meantime, Don Alexander is my new account (rather than Don Alejandro). If you’re one of my FB friends please send me a friend request as I’m not optimistic about the chance of FB allowing me to access my original account – and from what I can tell from having sent a few friend requests, most of my friends seem to reflexively ignore friend requests that might be coming from a clone of someone they’re already friends with (see ‘proof of life’ photo below the not-a-clone certification).