Locked out of your Facebook account because of two-factor authentication? Learn from my mistakes

The Meta logo on a smartphone in front of the Facebook logo a little bit blurred in the background
(Image credit: Shutterstock / rafapress)

Like many of its users, I enabled 2FA (or two-factor authentication) on Facebook to protect my account more effectively. It was a doddle to add it to one of the best authentication apps on the market. However a catastrophic chain of events meant that I lost access to my Facebook account permanently and there’s nothing either myself or anyone else (including Facebook) can do.

A cautionary tale for those who embrace 2FA with aplomb; as a security feature, it will significantly cut the number of compromised accounts by making it far more difficult to use compromised login details. However, its implementation is not without pitfalls, even for a technology behemoth like Facebook. Given that you cannot create two Facebook accounts with the same email address and its ubiquitous use as an identity management solution.

It all started when I couldn’t restore the backup of my authenticator app. While Twitter allowed me to use a backup email to momentarily disable 2FA, Facebook didn’t offer such a solution. Instead, it suggested that I use the mobile Facebook app to generate a code (Scroll down and tap Code Generator under Settings & Privacy) or approve it from another device which is out of question given that my desktop browser was the only place where I ran an instance of Facebook. Why Meta thought running two instances of the social network is the norm is beyond me.

Facebook 1

(Image credit: Facebook)

Above is the list of options offered to me when I clicked on the “Need another way to authenticate?” link. There’s only two, none of which are useful to solve my problem. In many instances, two other options will appear, the ability to send a login code and the ability to manually confirm your identity, none of which are available here.

What’s disappointing is that you can reset your password (Facebook sends you an 8-digit password reset code) using a reset account page, the process doesn’t account for any 2FA-related snafu. For security reasons, you can't use the same mobile phone number that you use for two-factor authentication to help you reset your password. Ironically, my misadventure came on the day that Microsoft, Apple and Google announced that they want to collaborate to make passwordless logins mainstream. Rather fittingly, that was on World Password Day. So while you may have the best password manager, messing up with your authenticator app and having a service provider that doesn’t offer a full range of recovery options may end up causing you a hell lot of trouble.

What can you do?

  • Use two authenticator apps rather than one. It’s called redundancy and applies to critical data and processes. They’re usually free, so why not.
  • Alternatively you may want to use text SMS as well to send the six-digit passcode.
  • Set up trusted contacts in the security and login settings and contact them when you’re locked out of your Facebook account.

What can Facebook do?

Offer more ways for Facebook users to recover their accounts in case of technical issues that don’t rely on 2FA or a mobile app. In my case, I am not offered email, the option to upload documents to prove my identity or text/SMS to help me out of my ordeal? Why? I don’t know. I still have access to my login and password and Facebook is sending me updates via email and on the login page (see below). Other security features the world’s largest social network could implement include using Whatsapp (or Instagram), the other popular services owned by Meta, using browser fingerprinting or facial recognition.

As it stands, I am still locked out of my Facebook account, which may or may not be a blessing in disguise. Only time will tell.

Facebook 2

(Image credit: Facebook)
Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.