I know that the article is a joke, but the last one is (or was?) actually used by Facebook as a forced mfa when it suspected a correct login to be "suspicious".
Of course, it's also a way to force users to tag their contact's photos and train Facebook's face detector by holding your account hostage until you comply, similar to those CAPTCHA street view challenges.
Besides, it only works if the attacker is a stranger, if it's an acquaintance (or a very dedicated stalker) then it doesn't work so well anymore.
Of course, it's also a way to force users to tag their contact's photos and train Facebook's face detector by holding your account hostage until you comply, similar to those CAPTCHA street view challenges.
Besides, it only works if the attacker is a stranger, if it's an acquaintance (or a very dedicated stalker) then it doesn't work so well anymore.