Here’s an interesting recipe for some pain - blogged under the good Samaritan principle.

TL;DR: Xbox Live doesn’t handle two factor authentication; generate an application specific password instead.

Combine together the following ingredients:

  • My Microsoft ID, configured for two-factor authentication and used for an Xbox Live account

  • My daughters Microsoft ID, also used for an Xbox Live account and configured as a child’s account with my account set as the parent

  • A change to the Xbox Live terms and conditions

What do you get?

The following scenario:

  • My daughter tries to run a game on our Surface Pro and is informed that there are new terms and conditions that she’ll need to accept within the “Games” app

  • The Games app shows the updated terms and conditions, but when she tries to accept the update, she is informed that she’ll need to use the Xbox Live website because she needs parental approval.

  • She signs in to the Xbox Live website and is presented with the new terms and conditions.

  • She accepts the conditions, and is asked to get her parent to log on to confirm acceptance of the new terms and conditions.

  • I sign in by entering my Microsoft ID and we’re taken back to the Xbox Live website and are presented with the new terms and conditions.

If that last step sounds like the third step then you’re paying attention - they’re identical. The system is working in a loop, never progressing.

I found some additional information:

  • If I use another Microsoft ID instead of my own, the system correctly rejects that ID because it’s not the registered parental ID

  • If I get my password wrong, we get an error message.

After trying a few things, I stumbled upon a fix.

It seems that the site is accepting my Microsoft ID and password, but is failing to sign me in because it is skipping the second step - entering a code from my authenticator app on my phone.

The solution that worked for us was for me to go into the security settings of my account and generate a new application password; using that to authenticate against the Xbox Live website and to accept the updated terms and conditions worked first time.


blog comments powered by Disqus
Next Post
Contract for Online Access  10 Jan 2014
Prior Post
Fractals for Christmas  21 Dec 2013
Related Posts
Using Constructors  27 Feb 2023
An Inconvenient API  18 Feb 2023
Method Archetypes  11 Sep 2022
A bash puzzle, solved  02 Jul 2022
A bash puzzle  25 Jun 2022
Improve your troubleshooting by aggregating errors  11 Jun 2022
Improve your troubleshooting by wrapping errors  28 May 2022
Keep your promises  14 May 2022
When are you done?  18 Apr 2022
Fixing GitHub Authentication  28 Nov 2021
December 2013