Apple sued by customer because 2FA “takes too long”
Computer giant Apple is being sued after one of its customers claims that the tech company’s security feature 2FA (two factor authentication) results in taking too long to log into an Apple account.
Jay Brodsky is launching a class action suit against Apple after – he claims – they automatically enabled 2FA on his Apple account and failed to provide sufficient notice that the security feature cannot be removed after fourteen days of being enabled.
It is true that after two weeks of using 2FA, the security feature cannot be removed from an Apple account. However the feature is opt-in only, meaning users should have to explicitly give their consent to activate the feature.
2FA is a technology meaning you need more than just a password to access an account. Typically this can mean getting a SMS code sent to your phone to enter as well. However this 2FA code is only usually needed when logging into an Apple account from an unrecognised device.
Sponsored Content. Continued below...
According to the lawsuit, logging in can take anywhere between 2-5 minutes, and this can subsequently lead to harm and economic loss based on the time “wasted” to log into an account.
First, Plaintiff has to enter his selected password on the device he is interested in logging in. Second, Plaintiff has to enter password on another trusted device to login. Third, optionally, Plaintiff has to select a Trust or Don’t Trust pop-up message response. Fourth, Plaintiff then has to wait to receive a six-digit verification code on that second device that is sent by an Apple Server on the internet. Finally, Plaintiff has to input the received six-digit verification code on the first device he is trying to log into. Each login process takes an additional estimated 2-5 or more minutes with 2FA.”
Brodsky, however, is likely to run into some serious issues with his class action suit; many are calling the class action lawsuit frivolous.
For example, Apple is likely to contest the time it takes to login with 2FA. Many tech experts have replicated logging in with 2FA enabled and argued Brodsky’s claim of 2-5 minutes, instead stating that logging in can take anywhere between 20-40 seconds.
Additionally, as we pointed out above, 2FA isn’t needed every single time you login. The additional code is only required if logging into an account for the first time with an unrecognised device.
With two-factor authentication, your account can only be accessed on devices you trust, like your iPhone, iPad, or Mac. When you want to sign in to a new device for the first time, you’ll need to provide two pieces of information—your password and the six-digit verification code that’s automatically displayed on your trusted devices.
Apple would also likely contest the claim that Brodsky’s account was automatically opted in to 2FA since account holders had to explicitly give their consent.
And finally, Apple would likely contest the suits claim that 2FA is a “waste of time”. 2FA (or preferably 2SA) is a strongly recommended security feature. Apple accounts in particular are targets of phishing scams where account holders are tricked into giving up their account passwords and handing over control of their accounts – something that 2FA can prevent from happening.
Sponsored Content. Continued below...
It was these scams that led to many of the well-documented celebrity leaked photos from 2015, where various celebrities saw their iCloud accounts (that had synced with their smartphones) compromised and sensitive photos stolen.
Bizarrely, Brodsky is accusing Apple of violating the U.S. Computer Fraud and Abuse Act & California’s Invasion of Privacy Act, though how he will use those laws to make his case isn’t immediately clear.
For the record, we strongly recommend enabling 2FA on all your important online accounts. It isn’t a waste of time, and you don’t have to do it every single time you login, despite the claims in this lawsuit. You can learn more about 2FA in our article here providing easy tips on securing your online accounts.