Hmm. I wouldn’t call it a hack. Let’s call it a crack, which suits it more. Anyway, let’s start the way a classical story starts.
It was during my internship, when I was using Facebook now and then. One fine day, one of the mentors told me, “You know what? Facebook allows you to recover your account using a new email address that is not linked to Facebook.” I was like, “What the hell? No. But it won’t be hackable. It is the largest social networking site.” But I did take a chance to crack into my Facebook account. So I logged out of my Facebook account, cleared my browser’s cookies, and stopped there. Shit. Why can’t I just use the Incognito window? So there I go. A new incognito window, type facebook, CTRL+ENTER, and click the “Forgot the Password” link.
What happens? It asks for your email, username, or your name and one of your friends’ names. I chose the worst case: name and friend’s name. I entered it and was presented with a list of email addresses and a phone number, masked by *, as in m*@********.in. Then there was an option, “I have no access to any of these”. That being the testing part, I chose that and used my Festember account email address, which was not linked with any of my previous email accounts or with Facebook. Not so fast buddy, you have a checkpoint to cross now.
This checkpoint is called “Secret Question and its Answer” :P. The secret question appears: “What is the name of your first pet?” Hmm. I remember entering a silly answer to this question. Of course, most of you would have chosen this question and entered a silly answer. Let me talk about this part a little later. For now, let’s continue in story mode. First try: “puppy”, I entered, and the browser spat at me, throwing an error. Lemme think, “I don’t have a pet, stupid question”, hmm, what about “tiger”? I entered it, and there I go, OMG, it got through and the following message appeared – “The password reset link is sent to my email address”. I checked my Festember account mail and there I had a nice new email, “Facebook password Reset link”. Then I checked my other email accounts and there it was: “Facebook password reset. If you did not request for a password reset Click here”.
Nice enough. So I happily clicked the password reset link from my new account, and I got the page where it said “Enter new password” and “Confirm new password”. I happily entered the new password and clicked Submit. Now what??? Not so fast buddy. The next page loaded. Happiness to sadness. This page contained the content “Your account will remain blocked for 24 hours. This is for security purposes and blah blah ….. “.
So no more Facebook for 24 hours. Hmm. That’s actually fine, but the thing I need to worry about is “Anyone can change my password and block my account for 24 hours.” Now I can’t even log in and change my secret question. My mentor, sitting by my side, replied – “Sorry buddy, you cannot change your security question. There is no such option in Facebook settings.” What the Fffffffreak. So what do I do now? “Wait for 24 hours. Now you continue your work.”
I’m not gonna give up. Surely Facebook wouldn’t have allowed some idiot to crack into some profile just by typing a pet name called “tiger”; there should be some security. So I tried logging in with my old password. It threw an error which said “Use your new password”. Now what do I do? I won’t be able to log in with my old password, and if I do with my new password, I won’t be able to access my account. So I tried resetting my god damn password again. I went through the same procedure after some 6 hours, went to the “Forgot password” section, and just found that my Festember email was linked to the Facebook account. Ohhhhhh. Myyyyyy. Godddd. So I sent a password reset link to my Festember email account, and then reset my password.
Now I tried to login with my new password, and guess what. It worked. The story ends.
NOTE: Kind request, please don’t try to hack into my account with the answers I mentioned above. I just forgot to mention one more thing. After the second password reset, it allowed me to change my secret question and I changed it. But there is no option to change your secret question in Facebook settings. And you won’t get one either if you do the above mentioned procedure. It just comes once and doesn’t appear in your settings.
In the middle of the story, I paused and mentioned “let’s find out about this a little later”. This is about the secret questions. There are only 4 questions in the list in Facebook. All four are questions that you can ask any person directly, and that person wouldn’t hesitate to answer you. For example, if your friend asks you, “What is the first pet you had?”, and you had a pet, wouldn’t you be thrilled to tell the happy moments with your first pet, and a story about the first pet – girls especially. So, at this point, your friend could get your first pet’s name and happily crack into your Facebook account, if you are not in sync with your email account or Facebook account for more than 24 hours.
Now the sad part is that anyone can see your secret question and ask it to you. And as I said, there are only 4 of them, which are so silly. And the saddest part is, even after knowing this, you won’t be able to change your secret question. Hmm, Facebook is considered insecure not only because of this, but also because of something else that is a bit too technical to be discussed in a story.
One small piece of advice: you can have as many email accounts as you like, but always have one secondary email account that you check most frequently, and make sure this secondary email account is linked to every service you use on the web. And regarding Facebook, I’m sorry.
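
The recovery path in the story depends on two safeguards: the warning mail sent to the addresses already linked, and the 24-hour block that gives the owner time to react. The sketch below is an added example, not Facebook's code and not part of the original post; the `Recovery` class, the attempt limit, the simplified hold behaviour and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

HOLD = timedelta(hours=24)   # the 24-hour block described in the story
MAX_WRONG = 3                # assumed attempt limit; the post does not state one

@dataclass
class Recovery:
    """Hypothetical model of the 'I have no access to any of these' path."""
    secret_answer: str
    linked: list                                  # addresses already on the account
    wrong: int = 0
    pending: Optional[str] = None                 # new, not-yet-trusted address
    hold_until: Optional[datetime] = None
    outbox: list = field(default_factory=list)    # (recipient, message) pairs

    def answer(self, guess, new_email, now):
        if self.wrong >= MAX_WRONG:
            return "locked_out"                   # stop unlimited guessing
        if guess.strip().lower() != self.secret_answer.lower():
            self.wrong += 1
            return "wrong"
        self.pending, self.hold_until = new_email, now + HOLD
        self.outbox.append((new_email, "reset link"))
        for addr in self.linked:                  # warn every existing address
            self.outbox.append((addr, "reset requested; cancel if not you"))
        return "reset_sent"

    def cancel(self, from_email, now):
        """Owner clicks the 'did not request' link from a linked address."""
        in_hold = self.hold_until is not None and now < self.hold_until
        if from_email in self.linked and in_hold:
            self.pending = self.hold_until = None
            return True
        return False

    def can_login(self, email, now):
        if self.hold_until is not None and now < self.hold_until:
            return False                          # nobody gets in during the hold
        return email in self.linked or email == self.pending

def demo(owner_cancels):
    t0 = datetime(2024, 1, 1, 9, 0)               # constructed timestamps
    r = Recovery("tiger", ["owner@example.com"])  # constructed sample account
    results = [r.answer("puppy", "new@example.com", t0),
               r.answer("tiger", "new@example.com", t0)]
    if owner_cancels:
        r.cancel("owner@example.com", t0 + timedelta(hours=6))
    return results, r.can_login("new@example.com", t0 + HOLD + timedelta(minutes=1))
```

`demo(True)` models an owner who reads the warning mail within the hold and keeps the account; `demo(False)` models an owner who does not check mail for 24 hours, after which the new address is accepted.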