Facebook started 2FA

disneysteve

I woke up today and turned on my phone to collect bonuses on a couple of games I play, check Facebook, email, etc. the usual morning routine. I was met with a screen saying my Facebook account was locked on July 15 (mind you I used it right before going to bed last night, July 18, and it worked fine). I needed to set up two-factor authentication. I hate that but I do it if I have to.

I had a choice of text message or Authenticator app and chose text. I didn’t want yet another app. Entered my number and waited and nothing happened. No text. Tried again. No text. Tried on the desktop. No text. The screen said if you’re not getting the text you might need to update your security settings, except that requires logging into your account which I couldn’t do.

Gave up and installed Google Authenticator only to discover that it’s either $50 for a year or $70 for lifetime. No thanks. Then I installed Duo Mobile which seems to be free and was finally able to get back in to Facebook. What a pain.

For those that say I should just not use Facebook, that also means no Facebook Messenger which I use all the time to communicate with friends across the country and internationally. We have a private FB group at work. I sell on FBMP. And lots of other reasons why I’m not willing or interested in leaving the platform.

Long winded story to tell you that if it hasn’t already happened to you, you can expect 2FA to find you soon with Facebook.
 
Nothing yet on mine.

My wife and daughter didn’t get it either.

I don’t know what I’ll do when my mom gets it. 2FA is really a pain with her. She doesn’t have a smartphone so that means she gets locked out of something, I get the text, have to call her and walk her through what to do which is always a challenge.
 
Is FB pushing 2FA on everyone now? I thought 2FA on FB was optional. 2FA on FB has been around a long time. From what I've experienced, FB is pretty good about not constantly bugging you to authenticate. In other words, you can set up, then say the device is recognized and trusted.

I'm a fan of using 2FA as better than the alternative of getting the FB account hacked and taken over. I've known a few people recently that got their FB accounts stolen so they have imposters now.

There are free authenticator apps out there besides Google Authenticator. I've learned, it's important to have a backup of those QR codes. Backup either with the app if that's possible, or another method copy (printed or screenshot). Otherwise, if you happen to change phones, that's a headache to try and have the codes back, if at all.
 
Any "account locked" message sets off alarm bells for me. Careful of being scammed.

It was when I tried to log into Facebook so there was no way around it other than to set up 2FA. Once I did that everything was fine.
 
I have 2FA on FB (and like FB, I am active on quite a few groups and keep in touch with so many friends on it. It's far from perfect but much better than pre-FB.) Since FB is used to log into so many other accounts (is an option) 2FA is important even though I only use it for a few other social sites like meetup. I just found out one of my friends was hacked and was not able to regain their account. The hacker used her account to contact her "friends" requesting money for an emergency. She lost all her history on FB.
 
I have 2FA on FB (and like FB, I am active on quite a few groups and keep in touch with so many friends on it. It's far from perfect but much better than pre-FB.) Since FB is used to log into so many other accounts (is an option) 2FA is important even though I only use it for a few other social sites like meetup. I just found out one of my friends was hacked and was not able to regain their account. The hacker used her account to contact her "friends" requesting money for an emergency. She lost all her history on FB.

Yes. Similar stories to some of my friends and family. I think the hack started with one of those silly challenge type games and asking for their phone numbers. Of course, a phone number is a key piece of data for hackers. I then got a "What's your number?" from an imposter relative. I knew it was a fake so ignored then blocked.
 
Facebook is another site that offers the Security Key option for 2FA and you can then disable SMS 2 Factor. I used SMS 2 Factor on Facebook for a long time, just recently switching to Yubikey. Last month I reloaded Linux on one of my laptops and had to jump through the normal hoops to first install 1Password on it and then setup access to Facebook with my password and my Security Key.

I had too many family members hacked on Facebook to let it ride the way it was.
 
Gave up and installed Google Authenticator only to discover that it’s either $50 for a year or $70 for lifetime. No thanks. Then I installed Duo Mobile which seems to be free and was finally able to get back in to Facebook. What a pain.
Google Authenticator is free. If you installed this $50 version, you better run a malware scan.
 
Google Authenticator is free. If you installed this $50 version, you better run a malware scan.

🤦‍♂️ Wow. I am always much more careful than that. I searched the app store for Google Authenticator and this Authenticator app came up. You’re right. The one I installed wasn’t the one from Google. I didn’t get past the opening screen that said how much it was so didn’t enter any info.

Is there a way to run a malware scan on my phone?
 
🤦‍♂️ Wow. I am always much more careful than that. I searched the app store for Google Authenticator and this Authenticator app came up. You’re right. The one I installed wasn’t the one from Google. I didn’t get past the opening screen that said how much it was so didn’t enter any info.

Is there a way to run a malware scan on my phone?
I suspect an app like that is mainly just trying to collect money rather than install malware. Seems to be a common scam (see below). There are some malware/antivirus apps for phones. I have AT&T ActiveArmor on my phone (the free version). I have no idea how effective it is, but I do get a notification from it whenever I install a new app and every once in a while when it runs a full scan. I rarely load any new apps and try to be careful when I do, so I'm at pretty low risk I think.

https://lifehacker.com/don-t-fall-for-this-fake-authenticator-app-scam-1850177439
 
While never underestimating FB's capacity for stupidity... I can't imagine FB making 2FA mandatory. A very large percentage of FB users would have no idea how to manage 2FA and another large group wouldn't put up with the hassle just to read memes. Just look at how many believe that if they post a copy/pasted statement to prohibit FB from using their photos that FB is now legally prevented from doing so.
 
While never underestimating FB's capacity for stupidity... I can't imagine FB making 2FA mandatory. .

I would agree but they made it mandatory for me so there you go. The only way I could access my account yesterday was by setting up 2FA. That was the only option to get back in.
 
Even with the implementation of 2FA in Facebook, you have the option of having your device remembered or recognized so the 2FA procedure isn't required except for new devices signing on.
 
....

I'm a fan of using 2FA as better than the alternative of getting the FB account hacked and taken over. I've known a few people recently that got their FB accounts stolen so they have imposters now.

There are free authenticator apps out there besides Google Authenticator. I've learned.....

I've had 2 factor at FB for a long time. I use the free version of Google authenticator.
 
Overnight I got a message from Facebook and it sure looked like it was their e-mail and they used my name but something did not feel right. They were sending me a Facebook recovery code to change my password and if I did not request it click on let us know which I did not. I opened Facebook on my laptop which is permanently logged in without using their code and changed my password. I also looked at my access and there was nothing unusual that I saw but I turned on 2FA just in case.
I just looked in my Spam and received that same code yesterday and today. I just googled it and it does appear to be a phishing attempt from security@facebookmail
 
I've had 2 factor at FB for a long time. I use the free version of Google authenticator.

I used Google authenticator once years ago, but haven't looked at any more as I decided to go with the open source ones. I bet, as others have pointed out, the non-free one probably is phishing to steal information.
 
Overnight I got a message from Facebook and it sure looked like it was their e-mail and they used my name but something did not feel right. They were sending me a Facebook recovery code to change my password and if I did not request it click on let us know which I did not. I opened Facebook on my laptop which is permanently logged in without using their code and changed my password. I also looked at my access and there was nothing unusual that I saw but I turned on 2FA just in case.
I just looked in my Spam and received that same code yesterday and today. I just googled it and it does appear to be a phishing attempt from security@facebookmail

I get this email frequently - three times today, so far. The "recovery code" seems to always be the same 8-digit number.
 
Gmail seems to do a good job of sorting spam and phishing emails. I have given an outlook address to most businesses and websites and the filtering doesn't seem so good. I keep it because it is a firstnamelastname@outlook so it is easy to tell people verbally.
 
Overnight I got a message from Facebook and it sure looked like it was their e-mail and they used my name but something did not feel right. They were sending me a Facebook recovery code to change my password and if I did not request it click on let us know which I did not. I opened Facebook on my laptop which is permanently logged in without using their code and changed my password. I also looked at my access and there was nothing unusual that I saw but I turned on 2FA just in case.
I just looked in my Spam and received that same code yesterday and today. I just googled it and it does appear to be a phishing attempt from security@facebookmail

Scary stuff, something weird is going on.

Ditto... except when I googled it, there are a fair number of articles from credible sources claiming that "facebookmail.com" is actually the domain that FB sends Security messages from.

Sure enough - I changed my PW and enabled 2FA today, and got an email saying "you recently changed your password"...from Facebookmail.com.

Not sure what to make of all these "recovery" emails I've gotten lately, but I've received several a day for the past week or so.
 