[tryke]

I was surprised to learn that Facebook has a "3 trusted friends" method for recovering your account without the original email or security question response.

EDIT: tried to find a better source for that, came up with https://www.facebook.com/notes/facebook-security/national-cy...

Looks like the feature is still being rolled out, and the attacker doesn't get to choose which friends he trusts.

[JonnieCache]

Right. Does this mean that me and two of my friends can just decide to stage a coup on any of our mutual friends' accounts?

EDIT: Yeah, apparently it does. Sweet. Time to scour /b/ for some truly horrible shit to plaster peoples' profiles with. Also highly recommended: changing their birthday to tomorrow.

[X-Istence]

Don't I have to set up these three trusted friends? All I can find in Facebooks documentation is that I would need to specify these three to five trusted friends but I can't find anywhere to set this up.

[sp332]

Hm, this link has different screenshots: http://www.hackersonlineclub.com/hack-facebook-account Any 3 "friends" who put their codes in can get access to your account.

[scott_s]

No, it does not: http://news.ycombinator.com/item?id=3297075

[noahc]

I just tried this on my brothers account. It lets me guess at his security question and then kicks me to a page that basically says that they currently don't support password recovery without knowing the answer to the security question.

[tshtf]

Apparently it's a feature where you can't update your security question either:

We want to make sure that your account and the information in it stays safe, so once you set up a security question on your account there’s no way to update it. Sorry for the inconvenience.

https://www.facebook.com/help/?page=227159377299846

[gbelote]

That surprised me too. When trying myself I wasn't able to reach that method. I could be "doing it wrong", it could be no longer active, or may not work with an account tied to gmail. Has anyone else been able to do it?