Tell HN: Failing to log in to deactivated Facebook account has reactivated it

107 points

8 years ago

I 'left' Facebook a couple of years ago, but only deactivated my profile at the time. Today I decided to delete it fully. Maybe I'm jumping on the bandwagon, but whatever, I've been meaning to do it for a while.

I went to log in but had forgotten that I used to use the Facebook app for 2-factor auth. I've also changed my phone number so I couldn't receive a code via SMS. I do have the recovery codes [0] from when I set up 2-factor auth, but cannot find any part of the login process that will accept a recovery code.

I then received an email from Facebook saying "Welcome Back to Facebook", telling me my account has been reactivated! Despite the fact that I never successfully logged in to my account. So apparently my profile is now back out there on Facebook, and there's nothing I can do about it until I (somehow) gain access to the account.

There seem to be two huge flaws here:

1. Why can't I log into my 2-factor protected account using saved recovery codes? That's what they're there for. (if anyone knows how to do this, please share!)

2. It seems anyone can reactivate a deactivated Facebook account by simply attempting to log in? EDIT: Perhaps it reactivated because I gave a correct username and password, but it still shouldn't do this until after the 2FA step

This seems like yet another dark UX pattern / security flaw from Facebook.

Just another reason to #deleteFacebook... (if only I could)

[0] https://www.facebook.com/help/www/148104135383285?helpref=faq_content&rdrhc

20 comments