When I first signed up on Microsoft (to access my X-Box One device), I was provided the option to use the
TWO STEP VERIFICATION security option. I thought, "This is smart and awesome. Why WOULDN'T I want to add another level of security in an already terrifying hack-able world?"
I 100% regret my decision today.
For starters:
Two Step Verification means that, in order for you to access your account or reset your password, you would need to DL (download) the Authenticator application on your smartphone. The app provides a numeric code, refreshed every thirty seconds, which you
would need to input after entering your email address and password.
Sounds wonderful, right? Wrong. Why? Because what it doesn't tell you is that once you enable the Two Step Verification system, it basically means there is NO OTHER WAY to get into your account if you EVER lose access to your Authenticator.
I have experienced this first hand. Last week, my cell phone was just about destroyed while at work (industrial warehouse). There was no way to recover anything on the phone or access it. I didn't think much about it at the time. I mean, there is usually
ALWAYS another way to get into ones account, right? Every other service has multitudes of possibilities to do so.
Heck, at Google's mail service, you can do a myriad of other verification methods, from emailing your emergency contact or answering security questions that you (the USER) put in place yourself.
Lone and behold, as fate would have it, Sunday of this week I woke up to find that my Xbox signed me out of my account. No biggie, as I thought I knew the password. But after three times of trying to access it, denied each time, I acquiesced to not knowing
and chose to reset my password.
And THIS is when I learned the REALLY HARD AND DAMAGING IMPACT of Microsoft's Two Step Verification system.
I click the reset password, input my email address, and answer the (sometimes difficult to read) numeric and alphabetical anti-bot security protocol. It asks for my two-step verification code from my phone (the one that was destroyed). I select "I don't
have this". So it then asks for my 25 character recovery code.
25 character recovery code? Supposedly it is given when you first set up your account. Well, that's not true considering that I just made this new account (the one I created an hour ago) in order to post my grievance and it NEVER provided me with a 25 character
recovery code FOR EMERGENCY PURPOSES!
And even if it did and I missed it (entirely plausible but with its own question of how that was possible), who honestly saves it or prints it or has it ON HAND ready and waiting to be used for an instance such as RESETTING ONES PASSWORD. In 2 minutes flat
at GMAIL, I was back into my account. AND MY GMAIL's never been hacked!
So I select "I don't have" my 25 character recovery. It asks me to fill out a questionnaire form that will be submitted to Microsoft's Tech Support, verified, and then will contact me in 24 hrs to reset my password.
I Waited 24 hrs with no reply. I do some searches to see if others may have had this happen (which is stupid to say considering that it's more than likely that SOMEONE had to have a similar encounter) and I find that
it could take up to 30 DAYS for them to respond.
30 DAYS? Are you (expletive) kidding me? What person has 30 days to kick back? What if this was more than just getting back into ones device? I bet this wouldn't happen if i was a company, right?
After waiting 48 hrs, with NO contact from Microsoft, I decide to get into their online chat service to see if I can get someone on the line. Wrong idea. Microsoft doesn't BELIEVE in real people anymore, at least not helpful ones. They have a new automated
system in place, which not only ISN'T HELPFUL, but provides solutions that send you in a merry go round.
------------------------------------------
Automated AI:
Reset Password?
Go to link, and input two-step code.
Don't have the code? Input 25 recovery code.
No recovery code? Fill out questionnaire.
Want to talk to a person? Sure.
Go to link and sign in.
(repeat entire process top to bottom)
------------------------------------------
Decided to then actually CALL every Microsoft number that I could find to try to get a live person on the phone. Took twenty minutes of learning how to game the system (because once you say "Reset Password" the automation at the beginning tells
you that you can do that online, and then simply HANGS UP ON YOU!).
Finally got a lovely sounding woman named Maria on the phone. I tell her exactly what has been going on and she asks me to just go through the whole process so she can be sure. I play ball, because it isn't her fault, and after getting through it, she tells
me that the BEST SHE CAN DO is to push it to their Tier 3 department to handle. Oh, and wait 24 hrs. (Crickets)
I ask her if she can just verify I am who I say I am, by accessing my account on her end and having me provide the necessary answers that only I WOULD KNOW! Like CC information, date of birth, what color are my eyes, whatever security questions I had put
in place. Oh, wait, Microsoft doesn't BELIEVE IN SECURITY QUESTIONS. That would have been a smart idea, huh, Microsoft?
Anyhow, she tells me that because I put into place the two-step verification system, of which I cannot access, she can't do anything for me. Nothing except push my questionnaire up the chain. I ask her if there is anything
that can be done and she says, "I'm so sorry, no, nothing."
So, even with a real person, Microsoft hasn't given them the access to do anything to alleviate a customers woes or issues. What was the point in then HAVING a real person? It's just as useless as having an automated service that sends you in a merry go
round. And all this while, I own an expensive Microsoft console that is now a piece of shit just sitting on my TV unit, at least for a possible 29 days.
Oh, there is of course one solution that Microsoft is more than happy to peddle to people in this situation, and it is quite a (expletive) insult.
Create a new account.
Really? THAT IS YOUR ANSWER? "Oh, we're sorry that we've completely (expletive) you out of accessing your account when we were the ones who recommended this security to you in the first place. But hey, just create a new one, because its more fun the
second time around and we appreciate your service."
What am I to do with all the apps/games and services I've bought through Microsoft/Xbox stores that are (now!) on an inaccessible account? Any way to transfer all of that to a new account? Why yes, there is. BUT you have to sign in to the inaccessible account
in order to do that. MERRY GO ROUND, folks!!!!!!
They honestly expect you to get a new account and then REPAY for all the items that you already paid for. (expletive) that. What an absolutley horrible company.
This experience not only has made me regret getting a Microsoft account, but has also made me regret getting an Xbox One. To create a system that has no other alternative is theft and thievery. I've owned Sony PS consoles and never had this issue. I have
a GMAIL account, never had a problem. Even AOL (back in the day) was easier than this new age bull that Microsoft is peddling.
And yet I'm still the sucker still sitting on my hands waiting to use what I (expletive) paid for! But no more money will be shed by me to this corrupt institution or any others that do business with them. And if anyone who reads this agrees, join in the
fun.
