Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can't login with 2FA on Facebook #9

Open
nanny07 opened this issue Jul 26, 2019 · 24 comments
Open

Can't login with 2FA on Facebook #9

nanny07 opened this issue Jul 26, 2019 · 24 comments
Labels
bug Something isn't working enhancement New feature or request help wanted Extra attention is needed

Comments

@nanny07
Copy link

nanny07 commented Jul 26, 2019

If you have 2FA enabled on your Facebook account, you can't login

@mobeigi mobeigi added enhancement New feature or request bug Something isn't working labels Jul 26, 2019
@mobeigi
Copy link
Owner

mobeigi commented Jul 26, 2019

Not too sure what the best way to address this would be.

Some options I can think of:

  1. Turn off 2FA for Facebook (not ideal for those wanting to use 2FA)
  2. Perform manually login using 2FA, fetch cookies and store them in config file which then gets used by the script long term. You'll still have to manually update the cookies from time to time when they expire.
  3. Store your Facebook 2FA secret in the app/script so the app can generate 2FA codes for Facebook and perform the login itself.

None of these are really ideal. If you have other ideas let me know.

@mobeigi mobeigi added the help wanted Extra attention is needed label Jul 26, 2019
@3rasernl
Copy link

Option 2 might also solve the cookie login problem, I'm willing to try it out to see if that fixes things

@nanny07
Copy link
Author

nanny07 commented Jul 26, 2019

Maybe an user can create an App Password that is unique for this. With app password you haven't to insert the 2FA code

@nanny07
Copy link
Author

nanny07 commented Jul 27, 2019

I've tried with the App Password but it can't login:
image

It only say:
Failed to authenticate with Facebook. Please check provided email/password.

@jonicunha
Copy link

Same problem over here. Disabled 2FA but I still get the error: "Failed to authenticate with Facebook. Please check provided email/password."
Tried App password like nanny07 suggested but didn't work either.

@mobeigi
Copy link
Owner

mobeigi commented Jul 27, 2019

Hmm I couldn't get their app passwords to work for me either. I don't think they allow directly logging into a Facebook account anyway. It seems like its a different concept to regular 'app passwords' which simply act as login credentials that don't require 2FA authentication.

@mobeigi mobeigi pinned this issue Aug 2, 2019
@gioluca2
Copy link

gioluca2 commented Aug 2, 2019

I don't know what 2FA is. When I follow your readme I give this error:
fb2cal ERROR (main) Failed to authenticate with Facebook with email [email protected]. Please check provided email/password.
Traceback (most recent call last):
File "./fb2cal.py", line 732, in
main()
File "./fb2cal.py", line 113, in main
raise SystemError
SystemError

@mobeigi
Copy link
Owner

mobeigi commented Aug 3, 2019

@gioluca2
2FA is two factor authentication.
Are you a European user? If so, your login may be failing due to a bug that was just fixed in #4. Try downloading code again and following the steps.

@jonicunha
Copy link

Still can't run the script:

PS C:\Users\jonic\Desktop\fb2cal-master_1.0.2\fb2cal-master\src> python .\fb2cal.py
[2019-08-03 10:48:21,065] fb2cal INFO () Starting fb2cal v1.0.2 (Production) [https://git.io/fjMwr]
[2019-08-03 10:48:21,066] fb2cal INFO () This project is released under the GPLv3 license.
[2019-08-03 10:48:21,067] fb2cal INFO (main) Attemping to parse config file config.ini...
[2019-08-03 10:48:21,070] fb2cal INFO (main) Config successfully loaded.
[2019-08-03 10:48:21,070] fb2cal INFO (main) Logging level set to: INFO
[2019-08-03 10:48:21,071] fb2cal INFO (main) Authenticating with Google Drive API...
[2019-08-03 10:48:21,077] googleapiclient.discovery INFO (_retrieve_discovery_doc) URL being requested: GET https://www.googleapis.com/discovery/v1/apis/drive/v3/rest
[2019-08-03 10:48:21,279] fb2cal INFO (main) Successfully authenticated with Google Drive API.
[2019-08-03 10:48:21,280] fb2cal INFO (main) Attemping to authenticate with Facebook...
[2019-08-03 10:48:22,474] fb2cal ERROR (main) Failed to authenticate with Facebook with email [email protected]. Please check provided email/password.
Traceback (most recent call last):
File ".\fb2cal.py", line 732, in
main()
File ".\fb2cal.py", line 113, in main
raise SystemError
SystemError

I tried to reset all cookies from facebook but I still don't see that banner when I access facebook.com/login.php for the frist time. The cookies stored are:
c_user
datr
fr
presence
sb
spin
wd
xs

Can you try it with Portugues IP please?
Thank you

@mobeigi
Copy link
Owner

mobeigi commented Aug 4, 2019

@ldoench Please avoid commenting on issues if its unrelated.

Turn logging level toDEBUG in config.ini and inspect results or email me logs (my email on github profile page). For general Facebook security stuff, if you manually log out and back into your account Facebook should show you a 'Was this really you" message which you can use to authorise the other machine.

@ezeholz
Copy link

ezeholz commented Aug 5, 2019

I made a research about this and I found some interesting code that might help to resolve this issue. I think that only saves the cookies when it's successfully autenticated, and that's some kind of what you guys are looking for:

https://github.com/pkoenig10/sink/blob/master/sink.py#L106

@mobeigi
Copy link
Owner

mobeigi commented Aug 5, 2019

Haven't looked into it much but looks like its just entering an 2FA code into the 2FA prompt. We can do that too but how do we get the code. Does anyone know if the 2FA recovery/backup codes for Facebook are one time uses

Storing the 2FA secret within the config seems like a pretty stupid security risk. App passwords don't seem like they will work outside of Facebook API. I'm not sure what the most secure way to fix this issue is tbh but I might add a method that works just for now.

@ezeholz
Copy link

ezeholz commented Aug 5, 2019

I mean, Birthday's don't change so often, so this might be a manual solution.

This might also work for long terms:
MechanicalSoup/MechanicalSoup#37

Also, I checked if 2FA backup codes are one-time uses, and it looks like they are. Nothing to do with that.

@ilf-S
Copy link

ilf-S commented Aug 22, 2019

Using a cookie file seems like the only smart solution at this point. Frankly, I don't know how anyone is willing to use any social network without having 2FA enabled, but that's a subject for completely different conversation. I second the fact that birthdays are fairly permanent events, and the only reason to run this script as a cronjob is if you add/remove a lot of people everyday.

@mobeigi
Copy link
Owner

mobeigi commented Aug 23, 2019

@ilf-S Cookies are a decent solution. Maybe a JS one liner users can execute while logged into a browser which dumps to a useable pickle format than can be loaded in.

Original script was built and designed to be on a cronjob to replicate the original behavior as closely as possible. But yeah running this once may meet a lot of users requirements.

@dsernst
Copy link

dsernst commented Nov 26, 2019

I thought this was going to be a blocker for me. I started looking into the stored FB cookies to see if I could pull them out to add support to the script. Then realized a much simpler solution. Maybe this is obvious but it took me a bit to realize, hopefully helpful for others:

  1. Temp disable 2FA: https://www.facebook.com/security/2fac/setup/intro/
  2. Run script to download the next 12 months worth of birthdays.
  3. Turn 2FA back on.

I don't actively use Facebook any more, so not worried about updates for adding/removing people. If necessary, could repeat the process more frequently.

Cheers, thanks for the great script 🎉

@alavela
Copy link

alavela commented Mar 16, 2020

I had the same problem and used @dsernst solution. By the way, @mobeigi I want to thank you very much for your very useful and well written script! You're great!

@michahell
Copy link

Just turn it off temporarily, then turn it back on straight away. Security is never a failsafe, only a stopping force anyway.

@aoun977
Copy link

aoun977 commented Apr 27, 2023

Hlo sir
can you give me facebook password change script in python. Plz

@mobeigi
Copy link
Owner

mobeigi commented May 7, 2023

Hlo sir can you give me facebook password change script in python. Plz

Hi! Sorry, that is not the goal of this project.

@aoun977
Copy link

aoun977 commented May 7, 2023 via email

@maxexcloo
Copy link

Wondering if anyone has had a look at this? My account locks so frequently when I don’t have 2FA enabled unfortunately…

@mobeigi
Copy link
Owner

mobeigi commented Dec 29, 2023

Wondering if anyone has had a look at this? My account locks so frequently when I don’t have 2FA enabled unfortunately…

@maxexcloo
How are you using this tool? Are you using it regularly which causes locking?
Facebook flags this script in general probably because various cookies / headers are missing which makes the login seem suspicious (even though the IP is matching the IP you usually use to login).

As for 2FA no real solution was proposed.
I think the simplest solution may be to prompt the user for 2FA if its enabled for the account but this will mean the script can't be used as part of an automated solution. There is no real good solution for an automation solution.

Also work on this issue isn't really planned. Most people seem to just disable 2FA, get the birthdays then reenable it.

@maxexcloo
Copy link

Ah I did have a regular export - will just run it manually now I think :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Development

No branches or pull requests