fb-messenger-cli
fb-messenger-cli copied to clipboard
Signing in results in forced Facebook password reset
To reproduce:
- git clone
- npm install
- node cli
- sign in
- Presented with empty conversation screen:
Select conversation :
>
- Signed out of facebook.com in browser, sign in starts password reset process
Would this be something on fb-messenger-cli's end or Facebook being over-active in resetting passwords?
Thanks very much for all the amazing work, I don't believe you owe me anything :)
I would assume this has to do with Facebook's fraud detection. I wouldn't speculate on what exactly caused the password reset but we don't have code that would actively try to do that in this app.
I did this to myself once when I was working on sign in. If for any reason the login code gets stuck in an infinite loop, you will rapidly exceed the login attempt limit.
Maybe it would be a good idea to add a retry limit, and once that limit is reached, we prompt the user to ask them to login in a browser to prevent lockout / forced pw reset?
This happened to me today. I wonder if FB recently changed something in their fraud detection algorithm.
I confirm I ran into this issue as well and can't use the tool anymore either.
I also have to unfortunately confirm. This has happened to me twice over the past week.
Steps I have done to reproduce problem:
- open fb-messenger-cli
- enter a conversation and send a message
- exit fb-messenger-cli
10 minutes later, my account was locked and I received a message from Facebook asking me to change my password.
Can confirm this issue. I normally use 2FA authentication, but fb-messenger-cli didn't accept logging in with the app-specific generated password. After disabling 2FA I was able to login, but then my account got locked down after 10 minutes.
+1 Started happening to me after using fb-messenger-cli without any problems for two months
I randomly installed fb-messenger-cli using npm install
today, and I didn't have any issue with my password being compromised or needing a reset. Maybe this issue got resolved on Facebook's side.