

My Facebook Login Lockout Ordeal and How I Prevailed  - basugasubaku
http://crosslandteam.com/blog/2010/08/29/my-facebook-login-lockout-ordeal-and-how-i-prevailed/

======
chrischen
I think one of Facebook's biggest problems right now is that for most people
it's still a place where all your friends are lumped together, whether it's
your mother or your college roommate.

I think they have lists for segmenting friends but unless they can make
Facebook grouping friends the core of their product, they're going to get the
friend overload and intermixing of friends problem for the majority of its
users.

Facebook succeeded because it was all about your college friends at first, and
only people you actually knew. Linkedin's success is proof that we don't want
to mix all our acquaintances into one identity site. If they can't make it
dead simple to segment our Facebook usage based on our friend circles, then
there's going to be some big problems ahead.

~~~
tomjen3
I agree with you, except I would think I would be the biggest problem with
facebook. Most people act differently when they are with their families,
places of work, etc than they do with their friends.

Why on earth facebook hasn't separated itself into groups jet I don't know,
but here is hoping the fridge will get there.

~~~
barrkel
Even more problematic is the fact that everyone of your "friends" can see all
your other "friends". This leads to silly things like your mother befriending
one of your work contacts because "SoAndSo became friends with SomeoneElse"
pops up on your status feed.

------
ydant
I actually think I'd be ok in this situation (and I have real difficulty
recognizing faces) largely because my "friends" list is pretty damn short. I
take the "friend" part pretty seriously - if they renamed it acquaintances, or
had built in separate lists for friends/acquaintances, I'd probably have a
longer list. Regardless, having Facebook lock me out on my holiday would be a
good thing.

It does sound like this whole thing was poorly thought through. You can't
encourage people to befriend everybody they every meet - and then ask them to
know what they all look like.

------
mtigas
I generally friend only people I'm, you know, _friends_ with -- or at the very
least met enough times to recognize. At some level of friends (300+?) I don't
think the site is useful for actual personal communication -- which is more or
less the only thing I find Facebook to be useful for.

I find those _friend recommendations_ to be just that: recommendations. I
likely know them through someone or they're in my local network: have I met
them? Do I want to _be friends_ with them? Or am I just shamelessly network-
marketing myself here?

I'd love to see this on every login, even just for a day. The fallout would be
hilarious.

~~~
cstross
You're not using FB for professional networking, are you?

If you're a professional you need to be visible. At the same time, you may not
want random folks unknown to you to be seeing all your personal details, so
you may lock those down so that only professional contacts -- "friends" -- can
see them.

That's how you end up with (checks) 893 friends (like me). It's a business
tool, not a reflection of your personal life.

(And that's before we get onto the jokers who select some random cartoon
character as a userpic, but that's just another failure mode for FB's broken
attempt to reinvent shared secret authentication.)

~~~
rimantas

      You're not using FB for professional networking, are you?
    

No, there is Linkedin for that.

~~~
cstross
Linkedin doesn't actually work (or do anything useful) for folks in my
profession. Caveat: if you don't have a fan page on Facebook, you're probably
not in my profession.

~~~
mtigas
I concede that Facebook fan pages are a whole other animal altogether. In
_that case_ (in terms of having an account to manage a fan page as a
professional face, so to speak), then performing user authentication based on
knowledge of "friends" (account connections) makes no sense whatsoever.

All joking and discourse regarding "friends" aside, I think it's _fair_ to
have multi-factor authentication when it appears that an account has been
breached. But yes, they could have implemented this differently. (See Gmail's
"last account activity" alerts, which notify you regarding a breach once you
log in from a recognized IP address but do not prevent access to your account:
[https://mail.google.com/support/bin/answer.py?ctx=gmail&...](https://mail.google.com/support/bin/answer.py?ctx=gmail&answer=45938)
)

I suppose I'm one of those odd, longtime users that wishes Facebook wouldn't
try to _be everything_ , hence the jabs at "I have too many friends" issue.

------
acabal
I hate their new lockout system. I'm a frequent traveler and run my business
from my laptop. FB is a great way to keep connected to other travelers you
meet and your friends back home while being on the road. But because I'm often
in a new _country_ every few days, let alone a new city, I get my FB account
locked a few times a week. It's a huge pain in the ass.

Here's a thought for a new FB revenue stream: I'd _pay_ them a monthly fee
_not_ to ever lock my account again. How sad is that?

~~~
almost
You may already know this, but just in case here's a solution for you, get a
VPS from Linode and proxy off it. You don't need to set anything up, just use
the -D flag to ssh to open up a SOCKS proxy. It's like this form OSX or Linux:

ssh -D 8080 your.vps.ip

You now have a SOCKS proxy running on 127.0.0.1:8080. You can do the same
thing using Putty on windows (it's in one of the settings tabs). Side benefit
is that you can't be snooped on by whoever owns the WiFi.

~~~
acabal
I didn't know that and that's actually incredibly useful. Thanks!

------
zengr
I had the same experience and I was locked out my account until I came back
home on my machine and logged in!

And, it is not only due to remote IP. It's remote IP + diff machine I guess.

------
cottsak
Won't somebody just say that such an identity verification system is stupid! I
had the "verify" problem a few months ago and wasn't asked to ID faces. This
must be new. Scrap and try again! It's ok to mess up facebook.

