Locked out of your Facebook account because of two-factor authentication? Learn from my mistakes

I lost access to my Facebook account and there’s nothing I can do about it


Like many of its users, I enabled 2FA (or two-factor authentication) on Facebook to protect my account more effectively. It was a doddle to add it to one of the best authentication apps on the market. However, a catastrophic chain of events meant that I lost access to my Facebook account permanently and there’s nothing either I or anyone else (including Facebook) can do.

A cautionary tale for those who embrace 2FA with aplomb; as a security feature, it will significantly cut the number of compromised accounts by making it far more difficult to use compromised login details. However, its implementation is not without pitfalls, even for a technology behemoth like Facebook. Given that you cannot create two Facebook accounts with the same email address and its ubiquitous use as an identity management solution.

It all started when I couldn’t restore the backup of my authenticator app. While Twitter allowed me to use a backup email to momentarily disable 2FA, Facebook didn’t offer such a solution. Instead, it suggested that I use the mobile Facebook app to generate a code (scroll down and tap Code Generator under Settings & Privacy) or approve it from another device, which is out of the question given that my desktop browser was the only place where I ran an instance of Facebook. Why Meta thought running two instances of the social network is the norm is beyond me.

Above is the list of options offered to me when I clicked on the “Need another way to authenticate?” link. There are only two, neither of which is useful to solve my problem. In many instances, two other options will appear, the ability to send a login code and the ability to manually confirm your identity, neither of which is available here.

What’s disappointing is that, although you can reset your password (Facebook sends you an 8-digit password reset code) using a reset account page, the process doesn’t account for any 2FA-related snafu. For security reasons, you can’t use the same mobile phone number that you use for two-factor authentication to help you reset your password. Ironically, my misadventure came on the day that Microsoft, Apple and Google announced that they want to collaborate to make passwordless logins mainstream. Rather fittingly, that was on World Password Day. So while you may have the best password manager, messing up with your authenticator app and having a service provider that doesn’t offer a full range of recovery options may end up causing you a hell of a lot of trouble.

What can you do?

What can Facebook do?

Offer more ways for Facebook users to recover their accounts in case of technical issues that don’t rely on 2FA or a mobile app. In my case, I am not offered email, the option to upload documents to prove my identity or text/SMS to help me out of my ordeal. Why? I don’t know. I still have access to my login and password and Facebook is sending me updates via email and on the login page (see below). Other security features the world’s largest social network could implement include using WhatsApp (or Instagram), the other popular services owned by Meta, using browser fingerprinting or facial recognition.

As it stands, I am still locked out of my Facebook account, which may or may not be a blessing in disguise. Only time will tell.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.
