Earlier in the week and got frustrated by the poor usability and user experience of the signup process for an Applie iTunes Store Account. Apparently the I had not climbed over enough hurdles just yet and needed a little more practise before I could enter the iTunes Store.
After completing the creation aspect of my Apple iTunes Account on my iPhone, I was sent a verification email to finalise and activate the account. The normal procedure followed is straight forward, an email is sent with a specific link within which when clicked verifies the newly created account. No messing around with needing to have software installed or any strangeness, just click the link and you’re done.
In the case of Apple, they provided the verification email with a simple link within. However, after clicking it on the iPhone the website informs me that it cannot verify it – but it is just a link, why not! I click the link from the desktop computer and after fumbling around for a while, click the ‘Done’ button thinking that’d do the trick but I was wrong.
As it turns out, the verification URL that is provided is a secure link (HTTPS) and not a standard link (HTTP). That is completely acceptable, in fact I’d go as far to say that I’m pleased they were using HTTPS to verify my new account. What Apple have completely failed to do, is make sure all of the different resources within that web page are all on HTTPS.
As most internet users are well aware now, if you’re viewing a secure web site over HTTPS and there are images, CSS or any other assets on the page that aren’t secured – the browser will throw up a security warning asking the user if they want to download the unsecured items.
Being a generally security conscious kind of guy, I clicked the option to only show me secured content. It turns out, that was a big mistake as there was an asset on the web page that was going to make iTunes perform the final stages of the account verification process.
I find it incredible, nearly unbelieveable that Apple would or could have such a completely crap signup process. They are one of the largest businesses in the world with a market capitalisation of some USD$40 billion and the can’t manage a smoother verification process.
All of the above rigmoral could have been avoided if they’d followed the route of virtually every other service that uses two phase signup processes and simplly verified my account when I clicked on the link instead of requiring iTunes to be involved.