Never mind that ... look at next quarter's profit numbers and dividend. Like all corporations the only cohort they care about are their shareholders and executive suite.
Also: minimum age to sign up is 16. But you need to be 18 to verify your account. And if you’re locked out, you need to verify your account and log in to open a ticket saying that you can’t log in…
Well, that's actually 3 failures: UX designed to create an impossible flow, AI-based user blocking, and a lack of customer service.
By comparison, something similar happened when I was hired by Meta. Visiting the 2FA page caused my account to be insta-locked. It turned out that I had another account under an email address domain I no longer had access to. They were eventually able to fix it with an Oops request.
In conclusion, it doesn't matter so much if tech is imperfect if the support is good. But without good support, any small inconvenience or issue can easily spiral to become a show stopper.
And this is one of the (many) reasons that I have self-hosted my email for the last 20 years. Sure, I have had outages, and one or two times I have had to drop everything to fix the server due to a botched upgrade. But each time this happened it was my own fault and I myself was able to fix it. I have NEVER lost access due to some automated system putting me in the wrong category.
By the way, the biggest griefs I have had with self-hosting my email has been due to Microsoft. Their way of categorizing spam can pretty much be summed up to: does it come from an explicitly whitelisted commercial email provider? Probably not spam, otherwise: spam. They are criminally incompetent (also) in this area.
Also if you have multiple microsoft 365 accounts, switching between those in the webapp seems to be impossible for years already. There's a switch account option, you can click it and sign in to another account, except you just stay logged in as the previous account.
This kind of issue is absurdly common. I’ve seen basically the same thing with Microsoft, Amazon and Google—personally and with others.
With Google, it’s well-documented that sometimes, even if you don’t have 2FA turned on and you know your password, they simply won’t let you log in without some sort of additional verification… which may not be possible. This hit me once while overseas, I think I managed to get in by tunnelling through my VPS in Australia. And if you can’t do this, you’re stuck, because Google simply doesn’t have support.
With Amazon, I was finally able to find one way of contacting them that didn’t require signing in, and when I finally got to a human, the problem was immediately fixed.
I've encountered something similar with Apple. I tried to create an Apple id on a reconditioned Mac. It said the machine had been used too many times to create an Appleid. In the process it seemed to flag my phone number so I was unable to create an account on another device. The two support chats just told me to try again with no change. The first chat took about 40 minutes, there was a 5 minute pause on every response from them. At least on the 2nd chat I was able to ask for a 2nd level support call who fixed the problem.
I've also been experiencing issues with the Authenticator app and Outlook, and it seems many others online are facing similar problems [0][1].
It's genuinely disappointing that using the Microsoft Authenticator app is a mandatory requirement for work, especially since they introduced the tap the correct number thing.
It's well known some things will trip those flags, probably not what all of them are or why, but most of them inappropriately (e.g. rating IP trustworthiness, but also simple HTTP requests that look "odd"). It's also well understood you have little to no options available as contacting support, live human or not as it may be, is made intentionally opaque and difficult or completely impossible. They just don't care, there's no reason to when you're one of the many hundreds of millions using their service most likely at no cost, and it's not unique to Microsoft. It's not that they became incompetent (they are, objectively), they simply never cared about you.
Cases were the software developer is not being directly paid for their services will be dismissed to make way in the docket for such enshittification cases
I think that they just wanted your mobile phone number in order to do 2 factor logins and they don't know how to do it without breaking the day with their inept system messaging and inputs.
All of the tech giants have really broken account recovery flows. They've all been glomming on recovery options, single sign-on, 2FA, etc features and none of it is coherent, with lots of dead ends where the optional recovery option it suggests isn't actually supported.
Amazon has a lot of issues with accounts shared between their national storefronts. I lost a Google account that owns a YouTube channel since it wants to 2FA to a long-gone phone number. Apple has a lot of oddities when you used different emails for your Apple ID, iTunes Connect, and iTunes before they unified everything.
One great example though is Facebook
My wife's Facebook account recently got hacked, and I managed to recover it though this crazy workflow:
The hacker had removed her email address and phone number from the account, changed her password, and added their controlled Meta account as a connected account. This connected account had an email but no password, so it could not be removed without adding a password to it, which required verifying the attackers email address.
None of the account recovery tools worked (including the “this wasn’t me” link in the Facebook “did you just delete your phone number” email - what is the point of that link) - they couldn’t find her account by email or phone number, and even though the Facebook app itself was still logged in, none of the account center tools allowed us to do anything without the new password. It also did not allow us to remove the connection to the hackers Meta account or log it out from their devices because it had no password and it would become orphaned with no login.
What seems to have worked for us:
1. Open the still-logged-in FB Messenger app on her phone. It now asks to add a phone number to enhance security. We did this.
2. Now install WhatsApp and sign up using the phone number.
3. Now go into the Facebook app, change password, I forgot my password, and use WhatsApp as 2-factor authentication.
4. Now we have control of the password again! We also added a app (TOTP) 2-factor authentication and iOS passkey to her account at this point to add more options for control.
5. Go to Meta Quest website (meta dot com), and log in via Facebook. This logs us into the attackers account!
6. We could now add a 2-factor authentication to the hackers account, after which it also now let us change the password of the attackers account without knowing the old one.
7. With a password on the account, we can now log them out of all other devices (the attackers phone).
8. We could also now change the permissions so the attackers Meta account could not be used to log in to her Facebook account, but it’s still listed as a related account since it requires email confirmation to remove.
9. Managed to use the 2-factor code to reset the email address on the attackers meta account, so now we own it completely!
Microsoft became miserably incompetent in IT in the 1980s. I'm saying this for decades now: If there is one thing that Microsoft is realy bad at then it's software. Almost every piece of software they produce is worse than the alternatives.
43 comments
[ 3.0 ms ] story [ 43.9 ms ] threadAlso: minimum age to sign up is 16. But you need to be 18 to verify your account. And if you’re locked out, you need to verify your account and log in to open a ticket saying that you can’t log in…
This is an unsubstantiated claim. Right after he said he prefers to provide references for what he says.
By comparison, something similar happened when I was hired by Meta. Visiting the 2FA page caused my account to be insta-locked. It turned out that I had another account under an email address domain I no longer had access to. They were eventually able to fix it with an Oops request.
In conclusion, it doesn't matter so much if tech is imperfect if the support is good. But without good support, any small inconvenience or issue can easily spiral to become a show stopper.
By the way, the biggest griefs I have had with self-hosting my email has been due to Microsoft. Their way of categorizing spam can pretty much be summed up to: does it come from an explicitly whitelisted commercial email provider? Probably not spam, otherwise: spam. They are criminally incompetent (also) in this area.
With Google, it’s well-documented that sometimes, even if you don’t have 2FA turned on and you know your password, they simply won’t let you log in without some sort of additional verification… which may not be possible. This hit me once while overseas, I think I managed to get in by tunnelling through my VPS in Australia. And if you can’t do this, you’re stuck, because Google simply doesn’t have support.
With Amazon, I was finally able to find one way of contacting them that didn’t require signing in, and when I finally got to a human, the problem was immediately fixed.
It's genuinely disappointing that using the Microsoft Authenticator app is a mandatory requirement for work, especially since they introduced the tap the correct number thing.
[0] https://www.reddit.com/r/Outlook/comments/1m4wp7h/microsoft_...
[1] https://learn.microsoft.com/en-us/answers/questions/4376965/...
Cases were the software developer is not being directly paid for their services will be dismissed to make way in the docket for such enshittification cases
But this is not new, they were already like this a long time ago.
The rose tint is strong in these glasses. When was their support great? Or is the author simply confused about what tech they were a lead in?
Amazon has a lot of issues with accounts shared between their national storefronts. I lost a Google account that owns a YouTube channel since it wants to 2FA to a long-gone phone number. Apple has a lot of oddities when you used different emails for your Apple ID, iTunes Connect, and iTunes before they unified everything.
One great example though is Facebook
My wife's Facebook account recently got hacked, and I managed to recover it though this crazy workflow:
The hacker had removed her email address and phone number from the account, changed her password, and added their controlled Meta account as a connected account. This connected account had an email but no password, so it could not be removed without adding a password to it, which required verifying the attackers email address.
None of the account recovery tools worked (including the “this wasn’t me” link in the Facebook “did you just delete your phone number” email - what is the point of that link) - they couldn’t find her account by email or phone number, and even though the Facebook app itself was still logged in, none of the account center tools allowed us to do anything without the new password. It also did not allow us to remove the connection to the hackers Meta account or log it out from their devices because it had no password and it would become orphaned with no login.
What seems to have worked for us:
1. Open the still-logged-in FB Messenger app on her phone. It now asks to add a phone number to enhance security. We did this.
2. Now install WhatsApp and sign up using the phone number.
3. Now go into the Facebook app, change password, I forgot my password, and use WhatsApp as 2-factor authentication.
4. Now we have control of the password again! We also added a app (TOTP) 2-factor authentication and iOS passkey to her account at this point to add more options for control.
5. Go to Meta Quest website (meta dot com), and log in via Facebook. This logs us into the attackers account!
6. We could now add a 2-factor authentication to the hackers account, after which it also now let us change the password of the attackers account without knowing the old one.
7. With a password on the account, we can now log them out of all other devices (the attackers phone).
8. We could also now change the permissions so the attackers Meta account could not be used to log in to her Facebook account, but it’s still listed as a related account since it requires email confirmation to remove.
9. Managed to use the 2-factor code to reset the email address on the attackers meta account, so now we own it completely!
I have a Gmail account lost because they unilaterally activated 2FA on it with a fake phone number (something like 111111111).
And for Apple, moving abroad made the appleid system crash in an loop and nobody in the support system has any idea how appleid works.
Do not use any of the tech giants for any important data.