Locked out of Facebook account: two-factor authentication

Companies are increasingly pushing account holders to embrace two-factor authentication, a login method that typically makes users supplement their passwords with codes sent by apps or texts.

But the extra layer of security, also known as 2FA, is also making it easier for people to get locked out of their accounts. That has given bad actors a new opportunity to exploit, according to some security executives. And tech companies have proven slow—in some cases unable—to help rightful account holders regain access, some users say.

Naomi Taylor, a branded-content strategist based in London, has been trying to get back into her Facebook account since last October, when a hacker logged into her account with her password, switched on 2FA, and connected it with a phone number that wasn’t hers, blocking her from logging in. She has sent Facebook a photo of her passport and driver’s license to prove her identity seven times, but each time has received an automated message saying her identification cannot be authenticated, she said.

“I haven’t been able to speak to someone because there aren’t any [phone] numbers,” she said.

As more of society moves toward account-based software and apps for everything from banking to health, the repercussions of getting locked out are becoming more serious, according to Brian Manning, chief executive and co-founder of Sharehold, an app from developer ExSilico Ltd. that aims to improve the recovery process.

Two-factor authentication makes accidental lockouts more likely, said Mr. Manning.

Many users set up systems to text their phone numbers with codes needed to log in. But phones are easily lost and stolen, and people sometimes change their cell numbers before remembering to update their accounts, Mr. Manning said.

Still, technology companies call 2FA a vital measure to protect against hackers and say it works when used to its fullest extent. That means consumers should, where possible, add two different types of verification methods, such as an email address or a verification app in addition to their numbers. Verification apps such as Authy and Google Authenticator generate codes on a user’s device rather than sending them by text message.

Consumers should also store recovery codes that can provide access if other methods fail. But most users aren’t aware of recovery codes—also called backup codes—which are usually shown to a user the first time they switch 2FA on and then stored in their security settings, Mr. Manning said. And even those who follow protocol can struggle.

Daniel Burnett, a content creator, knew he could use his backup codes to get back into his Discord instant messaging account when his phone was stolen at a music festival in Orlando, Fla., last November, and his account was sending 2FA codes to his lost phone instead of its replacement. The problem was that the backup codes were stored on his desktop computer—at his home in San Diego.

“I contacted support. It took three days until they got back, and they basically just said, you’re out of luck,” he said. He regained access only when he returned home a week later.

Danny Duong, director of customer experience at Discord Inc., said users can disable 2FA or search for digital copies of their recovery codes if they are logged into their accounts on other devices.

Failing that, however, “there is no recovery,” he said.

Some startups have designed products to make sure backup codes don’t get lost. Sharehold, the app co-founded by Mr. Manning, lets users store their recovery codes and share them with trusted friends and family for ease of access.

Guemmy Kim, Google’s director of account security and safety, advises users to simply write down their backup codes and store them in a wallet or with a passport. However, she said, “I think most people don’t know about them.”

Tech companies say they emphasize automation over human customer service to benefit locked-out consumers asking for help, calling it faster and harder for hackers to fool. Facebook parent Meta Platforms Inc. is trying to improve the recovery experience but still employs automated recovery processes before letting people reach a staffed support center, said Nathaniel Gleicher, head of security policy at Meta.

Groups such as politicians and journalists that are more likely to be targeted can more easily get through to a human, he added.

Meta didn’t immediately comment on Ms. Taylor’s situation.

Google has in the past few years shifted away from manual recovery processes to automated ones, enabled by improvements to its technology’s ability to pick up on suspicious account behavior, Ms. Kim said.

“The thing that’s missing, that I do recognize, is sometimes users just want to talk to somebody to almost handhold them through the process,” she said.

Write to Katie Deighton at

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.

How do I bypass 2 factor authentication on Facebook?

First off, go to Settings and Privacy > Settings > Security and Login > Two-factor authentication on your browser-based Facebook account. You'll find a list of your authorized devices where you won't need to use a login code. It's worth checking these and adding a second phone, for example.

What if you lose your phone with two

You'll need to set up two-factor authentication before you can use this feature. If you've turned on two-factor authentication, you can get 10 recovery login codes to use when you're unable to use your phone. Once you have your recovery codes, you can use one in place of your authenticator code when logging in.

How can I recover my Facebook account without verification code?

You may be able to get back into your Facebook account by using an alternate email or mobile phone number listed on your account. Using a computer or mobile phone that you have previously used to log into your Facebook account, go to facebook.com/login/identify and follow the instructions.

Can you bypass a two

If the 2FA consists of a regular one-time password authentication code delivered through SMS or a hardware or software token, then the victim will enter it as usual. However, even modern security features such as a push notification to a mobile device or scanning of a QR code on the screen will be bypassed by this attack.