Can't login with 2FA on Facebook

[nanny07]

If you have 2FA enabled on your Facebook account, you can't login

[mobeigi]

Not too sure what the best way to address this would be.

Some options I can think of:

1. Turn off 2FA for Facebook (not ideal for those wanting to use 2FA)
2. Perform manually login using 2FA, fetch cookies and store them in config file which then gets used by the script long term. You'll still have to manually update the cookies from time to time when they expire.
3. Store your Facebook 2FA secret in the app/script so the app can generate 2FA codes for Facebook and perform the login itself.

None of these are really ideal. If you have other ideas let me know.

[3rasernl]

Option 2 might also solve the cookie login problem, I'm willing to try it out to see if that fixes things

[nanny07]

Maybe an user can create an App Password that is unique for this. With app password you haven't to insert the 2FA code

[nanny07]

I've tried with the App Password but it can't login:

It only say:
Failed to authenticate with Facebook. Please check provided email/password.

[jonicunha]

Same problem over here. Disabled 2FA but I still get the error: "Failed to authenticate with Facebook. Please check provided email/password."
Tried App password like nanny07 suggested but didn't work either.

[mobeigi]

Hmm I couldn't get their app passwords to work for me either. I don't think they allow directly logging into a Facebook account anyway. It seems like its a different concept to regular 'app passwords' which simply act as login credentials that don't require 2FA authentication.

[gioluca2]

I don't know what 2FA is. When I follow your readme I give this error:
fb2cal ERROR (main) Failed to authenticate with Facebook with email [email protected]. Please check provided email/password.
Traceback (most recent call last):
File "./fb2cal.py", line 732, in
main()
File "./fb2cal.py", line 113, in main
raise SystemError
SystemError

[mobeigi]

@gioluca2
2FA is two factor authentication.
Are you a European user? If so, your login may be failing due to a bug that was just fixed in #4. Try downloading code again and following the steps.

[jonicunha]

Still can't run the script:

PS C:\Users\jonic\Desktop\fb2cal-master_1.0.2\fb2cal-master\src> python .\fb2cal.py
[2019-08-03 10:48:21,065] fb2cal INFO () Starting fb2cal v1.0.2 (Production) [https://git.io/fjMwr]
[2019-08-03 10:48:21,066] fb2cal INFO () This project is released under the GPLv3 license.
[2019-08-03 10:48:21,067] fb2cal INFO (main) Attemping to parse config file config.ini...
[2019-08-03 10:48:21,070] fb2cal INFO (main) Config successfully loaded.
[2019-08-03 10:48:21,070] fb2cal INFO (main) Logging level set to: INFO
[2019-08-03 10:48:21,071] fb2cal INFO (main) Authenticating with Google Drive API...
[2019-08-03 10:48:21,077] googleapiclient.discovery INFO (_retrieve_discovery_doc) URL being requested: GET https://www.googleapis.com/discovery/v1/apis/drive/v3/rest
[2019-08-03 10:48:21,279] fb2cal INFO (main) Successfully authenticated with Google Drive API.
[2019-08-03 10:48:21,280] fb2cal INFO (main) Attemping to authenticate with Facebook...
[2019-08-03 10:48:22,474] fb2cal ERROR (main) Failed to authenticate with Facebook with email [email protected]. Please check provided email/password.
Traceback (most recent call last):
File ".\fb2cal.py", line 732, in
main()
File ".\fb2cal.py", line 113, in main
raise SystemError
SystemError

I tried to reset all cookies from facebook but I still don't see that banner when I access facebook.com/login.php for the frist time. The cookies stored are:
c_user
datr
fr
presence
sb
spin
wd
xs

Can you try it with Portugues IP please?
Thank you

[mobeigi]

@ldoench Please avoid commenting on issues if its unrelated.

Turn logging level toDEBUG in config.ini and inspect results or email me logs (my email on github profile page). For general Facebook security stuff, if you manually log out and back into your account Facebook should show you a 'Was this really you" message which you can use to authorise the other machine.

[ezeholz]

I made a research about this and I found some interesting code that might help to resolve this issue. I think that only saves the cookies when it's successfully autenticated, and that's some kind of what you guys are looking for:

https://github.com/pkoenig10/sink/blob/master/sink.py#L106

[mobeigi]

Haven't looked into it much but looks like its just entering an 2FA code into the 2FA prompt. We can do that too but how do we get the code. Does anyone know if the 2FA recovery/backup codes for Facebook are one time uses

Storing the 2FA secret within the config seems like a pretty stupid security risk. App passwords don't seem like they will work outside of Facebook API. I'm not sure what the most secure way to fix this issue is tbh but I might add a method that works just for now.

[ezeholz]

I mean, Birthday's don't change so often, so this might be a manual solution.

This might also work for long terms:
MechanicalSoup/MechanicalSoup#37

Also, I checked if 2FA backup codes are one-time uses, and it looks like they are. Nothing to do with that.

[ilf-S]

Using a cookie file seems like the only smart solution at this point. Frankly, I don't know how anyone is willing to use any social network without having 2FA enabled, but that's a subject for completely different conversation. I second the fact that birthdays are fairly permanent events, and the only reason to run this script as a cronjob is if you add/remove a lot of people everyday.

[mobeigi]

@ilf-S Cookies are a decent solution. Maybe a JS one liner users can execute while logged into a browser which dumps to a useable pickle format than can be loaded in.

Original script was built and designed to be on a cronjob to replicate the original behavior as closely as possible. But yeah running this once may meet a lot of users requirements.

[dsernst]

I thought this was going to be a blocker for me. I started looking into the stored FB cookies to see if I could pull them out to add support to the script. Then realized a much simpler solution. Maybe this is obvious but it took me a bit to realize, hopefully helpful for others:

1. Temp disable 2FA: https://www.facebook.com/security/2fac/setup/intro/
2. Run script to download the next 12 months worth of birthdays.
3. Turn 2FA back on.

I don't actively use Facebook any more, so not worried about updates for adding/removing people. If necessary, could repeat the process more frequently.

Cheers, thanks for the great script 🎉

[alavela]

I had the same problem and used @dsernst solution. By the way, @mobeigi I want to thank you very much for your very useful and well written script! You're great!

[michahell]

Just turn it off temporarily, then turn it back on straight away. Security is never a failsafe, only a stopping force anyway.

[aoun977]

Hlo sir
can you give me facebook password change script in python. Plz

[mobeigi]

Hlo sir can you give me facebook password change script in python. Plz

Hi! Sorry, that is not the goal of this project.

[aoun977]

Sir can you make such a script for me. Plz sir

…

On Sun, May 7, 2023, 8:23 AM Mo Beigi ***@***.***> wrote: Hlo sir can you give me facebook password change script in python. Plz Hi! Sorry, that is not the goal of this project. — Reply to this email directly, view it on GitHub <#9 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A5ZUBETJ6MO4SPAJAGVD5KTXE4ISBANCNFSM4IHEBFXA> . You are receiving this because you commented.Message ID: ***@***.***>

[maxexcloo]

Wondering if anyone has had a look at this? My account locks so frequently when I don’t have 2FA enabled unfortunately…

[mobeigi]

Wondering if anyone has had a look at this? My account locks so frequently when I don’t have 2FA enabled unfortunately…

@maxexcloo
How are you using this tool? Are you using it regularly which causes locking?
Facebook flags this script in general probably because various cookies / headers are missing which makes the login seem suspicious (even though the IP is matching the IP you usually use to login).

As for 2FA no real solution was proposed.
I think the simplest solution may be to prompt the user for 2FA if its enabled for the account but this will mean the script can't be used as part of an automated solution. There is no real good solution for an automation solution.

Also work on this issue isn't really planned. Most people seem to just disable 2FA, get the birthdays then reenable it.

[maxexcloo]

Ah I did have a regular export - will just run it manually now I think :)