Facebook 2FA Login Using Selenium and C# (.NET Core)
In this article, I will guide you through the process of implementing Facebook login automation to accounts protected by Two Factor Authentication using Selenium and C# via .NET Core 3.1.
This article is a follow up to my previous article — Facebook Login Using Selenium and C# (.NET Core), and we’ll basically pick up where we left off.
I will not talk about the basics of setting up the project and implementing the login call, all of which are covered in my previous article. In this article, we will add 2FA support to the code demonstrated earlier.
In the previous article, we successfully automated the process of logging into a Facebook account. But as more and more accounts are now protected by 2FA, we need a way to automatically generate the 2FA code and enter it as part of the authentication workflow
The first thing we’ll need is to create a 2FA seed code — this code is what we will use in our code to calculate a 2FA code at runtime.
To get this code, Login to your Facebook account, and open your account’s settings page.
Select “Security and Login”
Under the Two-Factor Authentication options, click on the “Edit” button next to to the first option — “Use two-factor authentication”
For security reasons, Facebook will want you to enter your password again. When you are done, you will see the following screen:
Next, click on the “Manage” menu on to the Authenticator App row, and select “Add a new app”. The following popup will now appear:
The next step is to activate this code by scanning the QR code in a supported 2FA application. I recommend Authy (it has both Android and iOS versions).
Before you scan the QR code and move on to the next step, make sure you copy the code that appears to the left (8 words, 4 letters each). We will need this code later.
Once you scan the QR code on your mobile phone, click “Continue” and enter the generated code on your app.
If the code you entered was successfully accepted, Facebook might ask you for your password again, just to make sure you are who you say you are.
That was tedious, but we are now ready to use this code as our 2FA authentication seed in our automation code.
Let’s add a NuGet package to our project, to support 2FA code generation.
Right-click on the project’s name and select “Manage Nuget Packages”
In the “Browse” tab, enter “otp.net” to the search box
Install the Otp.NET NuGet package.
This NuGet package is pretty amazing. All the complexity of generating a dynamic 2FA code is compressed into these 3 lines of code:
Now we are ready to modify the Login method in our FacbookAutomation class:
Note that we added a new parameter to the method (“twoFactorAuthSeed”), we also set it to have a default value of null.
This will allow us to support both 2FA-enabled login workflows, and regular login workflows using the same method.
Now let's update our login call in the main method (found in the file Program.cs):
A couple of things to note here:
- We pass the 2FA seed code that we copied earlier as the 3rd parameter to the “Login” method.
- Make sure you remove all spaces between the “words” in the copied code.
I will also reiterate my warning from my previous article:
Remember never to check in your real credentials to any source control system.
That’s it. Run the program and witness how it all ties together.