Apple Could Learn A Thing Or Two From Microsoft About Authentication

Let me explain how my Saturday started, at around 10AM my daughter told me she was not feeling her best; when I went to pick her up and walk her to the bedroom to watch some TV and rest, she vomited all over me. After calming down the calamity that projected its way into my house, it was time for some water, a movie or two, and rest to help my daughter get over her illness.

Earlier in the week, I enabled Apple’s two-factor authentication; security is good, right? I am always an advocate of two-factor authentication (2FA) but the key for this security measure to work effectively is that for the end user, it has to be a simple and fluid experience. What Apple has created is a mechanism that works well, as long as you abide by their planned obsolescence product lifecycles.

Once the hysteria of a toddler who is vomiting settled down, I powered on my Apple TV and attempted to turn on Frozen but was immediately prompted to login to my Apple account. No big deal, I turned on 2FA and should expect this on each device where I was previously authenticated but here is where the experience breaks down.

My device asked for my password, which worked correctly, and then my phone pinged with a notification asking if I had tried to login to a new device to which I approved the request. From there, my phone told me to enter a 6-digit number but this is where the problem starts.

Apple’s push notification showed a six-digit number but my phone, we use the Remote app to control the TV, had a prompt asking to enter four digits (see images below). Confused, I tried entering first four digits on my phone and as you would guess, it failed. Tried the process again, re-entered my password, push notification with six-digit PIN and the phone asked for a four-digit number.

At this point, I’m a bit confused as to what to do and my daughter, who is now getting sick again, is asking why I can’t get it to work. Per usual, I asked on Twitter for a bit of help and what I received was not good news.

The short answer is that you need tvOS to have 2FA work correctly and my older generation devices will not work with the new security layer, to which I say is utter crap on Apple’s part. There are a couple options to try as a work-around, including putting the six digit PIN after my password when authenticating the first time but none of this information is presented by Apple when I needed it most, trying to login.

During this 2FA failure my patience for keeping my account secure with the additional layer dwindle. After about 30 minutes of trying, I eventually turned off 2FA and my daughter was able to watch Frozen and take a nap.

Here’s the thing, Paul and I often call out Microsoft for their shortcomings when there is another company in the marketplace doing what it is doing, but better. Here, Apple has pushing 2FA auth but Microsoft has bested them with the experience.

With Microsoft, if you have 2FA enabled, you download the authenticator app and when trying to login to a website (or service), after entering your password (correctly), a push notification is sent to your phone and you simply have to hit accept. There is no additional “enter this number” or anything like that, you hit accept, and magically, you are able to login. Granted, Microsoft has had its share of issues in the past with 2FA but they have ironed out these problems.

Microsoft has perfected this experience and Apple needs to catch-up. The fact that they are not properly supported additional security measures on older, but still updated hardware (I have received several software patches this year) is embarrassing for the company. What they want you to do is buy a new Apple TV but in my case, both my devices (the 1080P models) still work well and I don’t want to spend $250+ to enable 2FA. In this instance, Apple is placing the sale of new hardware over the security of its existing users.

It’s frustrating that Apple is this dense when it comes to security; for the average user who can struggle to find the right query on Google to surface their results, 2FA must be fool-proof across all of their devices. And that’s the problem, the people who benefit most from 2FA are those who are likely to get tricked by malware or emails that look authentic but steal your password and with Apple making the experience less than optimal, it’s putting accounts at risk.

I will try again with a few workarounds that users have posted in forums about how to make 2FA work with the Apple TV running an older OS but the fact remains this is not a simple path for authentication and comes up short when compared to Microsoft’s tools.