Certain Facebook users received an email from Meta recently explaining that they must enable Facebook Protect or be locked out of their Facebook accounts. And well, now they are. But here is the thing. The email seemed incredibly spam-worthy.
Facepalm or Facebook
The email started off with this statement, “Your account requires advanced security from Facebook Protect.” The email then warns users to turn on Facebook Protect by 17 March 2022. Failure to do so would result in being locked out. Users could turn on the feature by simply clicking on the link in the email.
But… clicking an urgent link in an email, that will log into your personal account to activate something you didn’t ask for, doesn’t always turn out that well. It’s the sort of activity spammers love to implement in their poorly-spelled missives. In this case, are Facebook users to blame, or is it Meta’s sketchy choice of update notification?
What now?
5/ We’re looking into isolated examples where people may need help enrolling in the program. Thank you for your patience and we really appreciate people taking steps to secure their accounts.
— Nathaniel Gleicher (@ngleicher) March 19, 2022
Tons of users who ignored the email from security@facebook.com — which seems awfully legit — are now locked out of their Facebook accounts. Meta’s head of security policy, Nathaniel Gliecher, took to Twitter to (try and) calm the Facebook deprived.
Other users are complaining that Protect’s two-factor authentication process isn’t working as it should, leaving them locked out. Others experienced difficulties with the process prior to the 17 March cutoff, which led to them being unable to activate Protect at all. They, also, are now unable to log into their Facebook accounts.
What is Facebook Protect?
According to Meta, Facebook Protect is primarily for people who are likely to be targets of malicious hackers; like “…human rights defenders, journalists, and government officials”. It uses two-factor (2FA) authentication to improve the security of Facebook accounts. Two-factor authentication is when a mobile number, email address, or mobile phone app is used as a second tier of security when logging into an account, along with a username and password.
This event is both good and bad for Meta. It’s bad, in the sense that the ‘enhanced security’ feature isn’t working as intended. It’s good, in that Meta didn’t roll it out to all users in this state. The fallout from this could have been considerably worse.
Source: The Verge