[FridayWithJohn]

@DominikR, actually your question should not be downvoted at all as it looks like you genuinely want to know how you could solve this security problem.

First off, it is important to know that all IT systems have a scale from "weak" to "strong" in security terms. There is no 100% hacker IT proof system. Generally the more secure a system is the more of a hassle it is to use. Seeing as FB has just been accused by Snowden of handing over mass data it has on various users to the NSA, it would be very foolish for them to ask for this sort of very private data especially at this time (when a lot of people don't trust FB)

As for your question, here are some of the security workarounds FB could do instead of asking for a freaking ID (which by the way can easily be forged)

- Don't lock the account, rather suspend it for just a few days telling the user that he should reset his password

- Get a friend (that has been a friend on Facebook for ages, not just a few days) to authenticate the real user (for this to happen it is assumed he must actually contact his friend without using FB as his account is blocked.)

- A simple unique "reset your account password" URL sent to your e-mail address.

- OTP sent to your phone

Those are just some ideas I thought of in a few minutes. I'm sure there are a whole host more.