Edit Your Comment

  1. Loias supports harsher punishments against corporations says:

    What, you wanted another reason not to use Facebook?

    • Griking says:

      You’re right, potential hackers should be allowed unlimited attempts at guessing our passwords.

      • Pandrogas says:

        The difference is that companies with similar policies have the ability to unlock accounts if the user calls or e-mails in with the right information.

        Facebook has next to no customer service, so if they create a problem, they will usually never fix it unless it becomes a serious issue affecting almost everyone or if the solution fits their agenda.

        • Griking says:

          I don’t see it specifically mentioned in the article but is the account locked temporarily or permanently? I assumed that it was temporarily since other sites do this as well.

          • Tim in Wyoming says:

            Its an odd thing they have going on. My account gets locked, I can reset my password, but I cannot login. Once the IP is blocked, there is nothing that can be done. I have to either obtain a new IP or use another internet connection. In my case though, I tested an entire class c block of IPs, all were blocked. Luckily my ISP makes changing IP addresses fairly simple.

            Bottom line, when I am home or at another location, signing on to facebook is challenging.

  2. Rectilinear Propagation says:

    if they are hit with too many failed logins

    That part of it doesn’t sound like an error.

    How many times do you have to login in and in how short a period do you have to do it in to re-create the error?

    • Clyde Barrow says:

      Too many failed login’s is just an “OP SEC” measure. Big deal. Companies have been doing this for years.Sometimes I think these OPs in these articles are ten years old.

  3. Bakergirl says:

    Yet another facebook fail. When’s the next social trent supposed to start? I think this one’s done.

  4. no says:

    When I was on vacation out of state and using the wireless network in the hotel, I was able to use Facebook just fine. However, my boyfriend could not. When he tried to log in it “detected suspicious activity” and asked him to “confirm his identity” by quizzing him with a bunch of his friends’ pictures. No matter how often he passed, he still couldn’t get in.

    • azsumrg1rl says:

      That happened to my mom. I don’t think that’s really fair. What’s the likelihood I’m gonna recognize a random sampling of my 400+ friends? Especially if the picture is of their damn dog or something?!

  5. herbie says:

    I dunno, seems reasonable to me as an approach to block hacking attempts…

  6. brokebackwallet says:

    I had an issue with logging in to my FB account via browser about two hours ago. Typed in user/pass and got a blank page while the URL changed to the usual one that you get after typoing user/pass. There seems to be something funky going on or was going on at FB as I very rarely do typos when logging in.

    Mobile version on iTouch worked fine though.

  7. leastcmplicated says:

    I dont see how this is fail, its a bot preventative and MANY online apps block you after making X number of failed attempts. how quickly and often is he logging in? is he logging on and logging off several times a minutes? hour?

  8. mugwump says:

    yeah, yeah, you can blame /b for that crap. This just prevents the internets from getting access to your account and sharing your username/password with the world…

  9. grucifer says:

    Must’ve locked his GF’s account up by trying to guess her password and realized he’ll get busted when she gets home and finds out her account is locked down. Because this definitely doesn’t sound like an error, sounds more BAU.

    What a dummy.

  10. pantheonoutcast says:

    And if Facebook didn’t have this feature, people would complain that it posed a significant security risk.

    So much ado over a free website…

    • jurupa says:

      People want their cake and it too, especially when it comes to FaceBook.

    • Pandrogas says:

      A temporary account lock makes sense. Blocking a whole range of IP addresses does not. Having no avenue to unlock your account again is the other problem.

    • phallusu says:

      that’s the other side of the coin-particularly it being free-if you don’t like it-don’t use it. i think i really could go the rest of my life without having to look at another version of someone’s home movie and i’m old skool on instant messaging-it’s called a telephone and the only ones who really need to type out their cinstant onversations are usually hearing challenged on the telephone … but not much room for ad revenues there.

  11. SwoonOMatic says:

    Its called intrusion detection. The systems are usually configurable to whatever parameters the owner sets.

    • nybiker says:

      Yep. My favorite operating system doesn’t even tell you (the person attempting to log in) that the account is locked. It just keeps displaying “User Authentication Failure”. We had it set for 6 failures = disabled. Of course the operator.log file and the console will have the alarm message that an account has just been marked as an Intruder and/or disabled. And depending on how tight the system manager has set things, even the source of the login attempt will be locked out. Oh what fun it was to tell users they had 2 choices: wait until the intruder status went away (it was a variable amount of time) or go to their supervisor to have some paperwork filled out indicating a password reset was needed.

  12. BuyerOfGoods3 says:

    I dare everyone to delete their Facebook. Or, Try. You can’t delete your account.
    Hence their “millions of users.”
    Mine is Inactive, the only setting they allow.

  13. MeOhMy says:

    Wait…you can get it to block entire IP ranges just by loading it up with bogus logons?

    So how long until some botherder DDOSes it?

  14. JMILLER says:

    Every banking site, my mortgage site, my utility bills, my car payment site all have this same blocking feature. The only way to become “unblocked” is to call them or wait the period of time they require. I had this happen when I tried logging in several times to my bank account and suddenly it said I had one more attempt left It was a newer account, and it actually was case sensitive for user names as well as passwords. I knew I had the right password, but only after I called did I find out the case sensitivity part.

    • Tim in Wyoming says:

      Thats all fine, but Facebook doesn’t have anything in place to remove the block. That is the issue here.

  15. Chaosium says:

    If someone posts my account details somewhere, I want my account locked.

  16. Corinthos says:

    I’m signed into facebook on two computers and once and two phones. It requires me to do a captcha on the comptuer for almost anything I do.

  17. Papercutninja says:

    i’m so cool because i hate facebook!

  18. HoJu says:

    This is unbelievable! It’s unheard of! In fact I don’t believe that this is true at all!
    Facebook RESPONDED TO SOMEONE?????

  19. Underpants Gnome says:

    So in theory I could lock out all of my “friends” accounts to keep them from playing farmville and throwing sheep at me with this trick…

  20. Tongsy says:

    That’s not a flaw, it’s a security feature.

  21. trey says:

    just do what i (and millions like me) did… quite using facebook. it is nothing but a time waster. if one wants to be “social” GET OUT OF THE EFFING HOUSE!

  22. Bakergirl says:

    **shrugs*** Probably.

    I know about this one though:

    Why not add on the log on feature that makes you read/typy in a series of letters and numbers everytime?

  23. ellemdee says:

    They’ll also lock your account if you add make too many friend requests in a certain amount of time. They don’t specify what constitutes “too many” or what the amount of time is. I get warnings if I try to add more than 4 new friends with a day. I’ve even heard of people getting blocked when they use Facebook’s own tool to add friends that are in your email address book because it exceeds their unknown “too many/too fast” limit. And what about new accounts? Those people are likely to try to find all of their friends and add them right away which, according to FB, is ban-worthy.

    I’ve seen theories that they’re trying to stop users from adding people they don’t actually know just to play games like Farmville with them. They seem to forget that games drive a lot of traffic to FB.

    • Rectilinear Propagation says:

      Sounds more like anti-spambot measures though I agree that the number of friend requests before it kicks in is too low.

      • ellemdee says:

        I even sent a unique message for each friend request, hoping the bot would “see” me as a person since I wasn’t just sending blank friend requests, but I guess it’s not that smart (though I guess a script could also be written to include a random message with each friend request if someone were so inclined to write one).

  24. anime_runs_my_life says:

    And it’s not just on the computer. It’s happening to mobile phones too. The husband got blocked out of his Facebook Mobile account when his phone froze and he tried to log in after he’d restarted his phone. He had to e-mail to get his IP address unblocked, but they claimed it was suspicious activity as well.

  25. gogo8675309 says:

    I sometimes have problems logging in. I use many different ways of logging in though, my phone, xbox, pc, ipod touch, trillian… and a while ago I was checking out and trying different apps to use with the facebook IM, so I’m sure all those logins caused some problems for me.

  26. FrugalFreak says:

    Seems an aid in having more than one account. facebook may think logging in and out quickly is switching accounts.

  27. Jay911 says:

    I have doubts simply because I don’t believe the claim that he was able to send a detailed email to Facebook, not to mention that he actually got a reply.

  28. coren says:

    I really think a lot of people are missing the point of the article/letter.

    It’s not about incorrect logins, primarily. Facebook actually has a good policy on that one, in banning the IP of someone potentially trying to gain access to another person’s account.

    It’s about legitimately logging in too many times in a short period – what does that protect?

  29. phallusu says:

    i don’t facebook, just another reason why … besides having a life instead of posting a webpage about it for imaginary friends – hey, anybody remember those zany sitcoms where the neighbors got trapped into being forced to watch home movies of someone else’s vacation – welcome to facebook!

    ps yawn