large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Apple hit with two-factor lawsuit alleging 2FA is too disruptive

Apple are facing legal trouble again, after a class action lawsuit has been filed  alleging the California-based tech giant’s two-factor authentication takes too long and is disruptive to users.

The suit has been filed by Jay Brodsky in California, and claims that  the two-factor authentication doesn’t get user consent before enabling, and then it “imposes an extraneous logging in procedure that requires a user to both remember password and have access to a trusted device or trusted phone number” to use a device when 2FA is enabled.

It seems like a somewhat frivolous lawsuit, but could have wide-ranged effects on the technology industry if it’s successful. However, it’s hard to take the concerns seriously when someone is firing up a lawsuit to complain about having to remember a password.

The paperwork around this file alleges that harm is being done as a result of the 2FA, and that it was added via a software update in or around September 2015. The paperwork also suggests that harm is being done as potential class members “have been and continue to suffer harm” as a result of Apple’s 2FA.

It also suggests that several members may have  suffered economic damage due to the time they’ve spent unlocking their phones using 2FA, which is nearly incredulous enough to make this staffer laugh out loud, although no doubt is a serious concern that should be treated very seriously indeed. Especially as the process supposedly takes between two and five minutes to complete, even single time.

“First, Plaintiff has to enter his selected password on the device he is interested in logging in,” says the suit. “Second, Plaintiff has to enter password on another trusted device to login. Third, optionally, Plaintiff has to select a Trust or Don’t Trust pop-up message response. Fourth, Plaintiff then has to wait to receive a six-digit verification code on that second device that is sent by an Apple Server on the internet. Finally, Plaintiff has to input the received six-digit verification code on the first device he is trying to log into. Each login process takes an additional estimated 2-5 or more minutes with 2FA.”

You can see the full filing here.

It’s not our place to comment on any legal proceedings, but we’ve got a couple of Apple users here in the office, and we struggled to get a two-factor auth warning to pop up in the first place. However, after we did, team Trusted managed to finish their 2FA log-ins in around 30 seconds each.

Using Apple’s 2FA? Struggling with how long it takes? Let us know your thoughts on Twitter at @TrustedReviews

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.