Meta’s latest ill-conceived notion goes by the name Facebook Protect. The idea itself is not completely bad. It looks to add a layer of protection for specific groups more likely to be targeted by hackers such as journalists, human rights defenders, and government officials. Facebook Protect monitors these accounts for hacking attempts and turns on two-factor authentication (2FA) by default. Unfortunately, Meta has implemented it very poorly, and now many users are finding themselves locked out of their accounts. It all started in earlier this month with Meta’s poorly thought out idea of notifying these account holders via an email that sounded scammy. The email originates from “security@facebook.com” with the subject line reading, “Your account requires advanced security from Facebook Protect.” The body instructs users to turn on Facebook Protect by clicking a link in the email by a specific deadline (March 17), or else they would lose access to their account. It is an almost perfect model of the typical phishing email people have been conditioned to ignore, which many people did. Since Facebook had no other contingencies in place, like, oh, I don’t know, maybe a popup notification on logging in, these account holders had no other reason to believe the email was legit. But wait, there’s more. Meta also fumbled implementing Facebook Protect’s 2FA system correctly. Users who did manage to activate Facebook Protect are flooding Twitter, saying that 2FA refuses to accept their codes as entered despite several attempts. Meta has not acknowledged the situation on any of its Twitter accounts except for a brief tweet about six hours ago directing people to its “Why is my personal Facebook account disabled” help page, which is not that helpful in this situation.