Macrumors posted an article on Saturday, February 9, 2019, titled “Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After Two Weeks”
— MacRumors.com (@MacRumors) February 9, 2019
Some key points may call into question whether or not Apple is using a bit of dark pattern UX to expediently persuade customers to adopt this complex feature.
The key assertion of the complaint is accurate – one cannot eventually turn off or otherwise reverse the choice to move to Two-factor Authentication.
Here are some things that go against good user experience design practices:
There are commenters on the Macrumors article that suggest that people are “dumb” if they want to turn it off and lose security features. However, there are valid use cases for wanting to turn this feature off – so if that’s not possible there are people who would like to be aware of that information up front and may choose not to adopt the feature.
When a promotion uses wording that expresses a certain mental model to users such as the idea of turning something on – people tend to expect the converse option of being able to turn something off. Apple explains its step one as “Turn on two-factor authentication in Settings”, so they are responsible for insinuating the expectation. Related Apple email messaging uses the word ‘enable’ which also sets an expectation of ‘disable’ (third parties talking about this matter are referring to Apple’s feature as ‘opt-in’, which also suggests a method of ‘opt-out’).
If Apple wanted to describe this offering clearly, they would say something like “Switch your account over to two-factor authentication – an effective security upgrade that cannot be reversed” – this might give certain users pause and allow them to consider the tradeoffs of security vs other personal concerns (i.e. make a well-informed choice).
The important irreversibility details effectively contradict the way they ‘sell’ the commitment level of the feature. In addition, they separate and include those details further down the page in an FAQ style section. It certainly does seem like Apple is using content strategy techniques to knowingly obfuscate irreversibility with its ‘easy’ two-part instructions pattern in the main content area.
It’s my assumption that Apple has probably been aware of this issue for some time, even if it was not initially the goal. It’s also my hypothesis that a design-driven company must intentionally make a decision to sustain knowingly-flawed user experiences.
Image source: Apple website “Two-factor authentication for Apple ID” captured February 10, 2019