|I 'left' Facebook a couple of years ago, but only deactivated my profile at the time. Today I decided to delete it fully. Maybe I'm jumping on the bandwagon, but whatever, I've been meaning to do it for a while.|
I went to log in but had forgotten that I used to use the Facebook app for 2-factor auth. I've also changed my phone number so I couldn't receive a code via SMS. I do have the recovery codes  from when I set up 2-factor auth, but cannot find any part of the login process that will accept a recovery code.
I then received an email from Facebook saying "Welcome Back to Facebook", telling me my account has been reactivated! Despite the fact that I never successfully logged in to my account. So apparently my profile is now back out there on Facebook, and there's nothing I can do about it until I (somehow) gain access to the account.
There seem to be two huge flaws here:
1. Why can't I log into my 2-factor protected account using saved recovery codes? That's what they're there for. (if anyone knows how to do this, please share!)
2. It seems anyone can reactivate a deactivated Facebook account by simply attempting to log in? EDIT: Perhaps it reactivated because I gave a correct username and password, but it still shouldn't do this until after the 2FA step
This seems like yet another dark UX pattern / security flaw from Facebook.
Just another reason to #deleteFacebook... (if only I could)