I recently ended up helping a friend manage his recovery process. Its still in the process, and there have been numerous problems facing us.

What I found troubling was that, anyone could temporarily gain access to his email and use it to compromise Facebook. Even more troubling was the fact that his legitimate email and phone number associated with the account was so easily removed and replaced with that of the compromiser. I personally feel there should be an added layer of confirmation and an option to suspend the account for a day at the discretion of the owner.

Granted that this may prove to be a pain if someone legitimately wants to change their account. But should it be this easy for anyone to change the email and phone number just because of a temporary loss ?

Also. The recovery process is very helpful. I have no doubt about that. But I still worry, would it be the same for someone dying ? Would anyone be able to use that recovery process and get three friends to agree ? Even with the 24 hour delay, what could go wrong ? The guy is dead afterall. This isn’t exclusive to death either. Any group of 3 mischievous friends can collaborate. Should I not be in a state to follow up within 24 hours. What then ?

To its credit Facebook does have it covered. But should that be the only measure ?

I’d love your opinion on this.