Here’s an interesting recipe for some pain - blogged under the good Samaritan principle.

TL;DR: Xbox Live doesn’t handle two-factor authentication; generate an application-specific password instead.

Combine together the following ingredients:

  • My Microsoft ID, configured for two-factor authentication and used for an Xbox Live account

  • My daughter’s Microsoft ID, also used for an Xbox Live account and configured as a child’s account with my account set as the parent

  • A change to the Xbox Live terms and conditions

What do you get?

The following scenario:

  • My daughter tries to run a game on our Surface Pro and is informed that there are new terms and conditions that she’ll need to accept within the “Games” app.

  • The Games app shows the updated terms and conditions, but when she tries to accept the update, she is informed that she’ll need to use the Xbox Live website because she needs parental approval.

  • She signs in to the Xbox Live website and is presented with the new terms and conditions.

  • She accepts the conditions, and is asked to get her parent to log on to confirm acceptance of the new terms and conditions.

  • I sign in by entering my Microsoft ID and we’re taken back to the Xbox Live website and are presented with the new terms and conditions.

If that last step sounds like the third step then you’re paying attention - they’re identical. The system is working in a loop, never progressing.

I found some additional information:

  • If I use another Microsoft ID instead of my own, the system correctly rejects that ID because it’s not the registered parental ID.

  • If I get my password wrong, we get an error message.

After trying a few things, I stumbled upon a fix.

It seems that the site is accepting my Microsoft ID and password, but is failing to sign me in because it is skipping the second step - entering a code from my authenticator app on my phone.

The solution that worked for us was for me to go into the security settings of my account and generate a new application password; using that to authenticate against the Xbox Live website and to accept the updated terms and conditions worked first time.
