Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
DrMacintosh

Apple is being sued because 2FA "takes too long"

Recommended Posts

Posted · Original PosterOP

A user is suing Apple, claiming that Apple's 2 Factor Authentication system takes too long and is disruptive to users. The plaintiff also claims that Apple's 2 Factor authentication system is abusive because you cannot switch back to a less secure sign in method for 14 days after enabling 2FA on an iCloud account. 

Quote

The suit, filed by Jay Brodsky in California alleges that Apple doesn't get user consent to enable two-factor authentication. Furthermore, once enabled, two-factor authentication "imposes an extraneous logging in procedure that requires a user to both remember password; and have access to a trusted device or trusted phone number" when a device is enabled.

So yes, Jay here is upset that the default option for setting up sign in options for iOS and Mac devices is to use 2FA. Further Jay is upset that it takes so long to verify who he is. 

Quote

Filing paperwork associated with the suit also alleges that harm is being done, and potential class members "have been and continue to suffer harm" including economic losses, based on a waste of personal time for an extended login process that has become a multiple-step process.

Yes, harm is being done by ensuring that your account is secure that that people cannot hack your iCloud account and gain access to information that could literally ruin your business or your life. I'm sorry that the ~8 seconds it takes to log in with 2FA prevents that. Perhaps if Apple were not to enable 2FA by default, this guy would be ok with his account being easily hackable? (of course not, he would probably sue!)

 

You just can't please people. This is a perfect example of someone just looking to make a quick buck at the expense of a business. Its low, its slimy, and anyone who does it defiantly has 0 class. 

 

The plaintiff is also exaggerating reality (and possibly straight up lying), calming that logging in with 2FA enabled takes up to 5min, when in reality it takes about 5 seconds. 

Quote

First, Plaintiff has to enter his selected password on the device he is interested in logging in. Second, Plaintiff has to enter password on another trusted device to login. Third, optionally, Plaintiff has to select a Trust or Don't Trust pop-up message response. Fourth, Plaintiff then has to wait to receive a six-digit verification code on that second device that is sent by an Apple Server on the internet. Finally, Plaintiff has to input the received six-digit verification code on the first device he is trying to log into. Each login process takes an additional estimated 2-5 or more minutes with 2FA."

In reality, after a user has trusted devices enabled on their account, when they attempt to log into a service that uses their Apple ID, their Trusted devices are immediately pinged to allow the log in, and the after the log in is approved the user must enter a 6 digit pin displayed on a trusted device into the device they are trying to log into. The log in is complete once the servers verify the pin matches. This process takes approximately 8 seconds. 

 

Here is the case behind his money grab:

Quote

The suit is demanding injunctive relief, fines and penalties assessed on Apple in accordance with the Computer Fraud and Abuse Act, and is seeking "all funds, revenues, and benefits" that Apple has "unjustly received" from the action, but what precisely that entails isn't listed in the filing documents. The filer is also asserting that Apple is violating California's Invasion of Privacy act, but how that applies also isn't immediately clear.

Hopefully the case gets thrown out and this guy can go get a job. 

 

Source: https://appleinsider.com/articles/19/02/09/apple-being-sued-because-two-factor-authentication-on-an-iphone-or-mac-takes-too-much-time


Laptop: 2016 13" nTB MacBook Pro Core i5 | Phone: iPhone 8 Plus 64GB | Wearables: Apple Watch Sport Series 2 | CPU: R5 2600 | Mobo: ASRock B450M Pro4 | RAM: 16GB 2666 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 10 | Storage: 480GB PNY SSD & 2TB WD Green HDD | PSU: Corsair CX600M | Display: Dell 27 Gaming Monitor S2719DGF 1440p @155Hz, Dell UZ2215H 21.5" 1080p, ViewSonic VX2450wm-LED 23.6" 1080p | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G303 | Audio: Audio Technica ATH-M50X & Blue Snowball
Link to post
Share on other sites

Pretty much every aspect of Apple's auth system is the fastest in its category... What is this guy on about?


LTT 2019 Folding Month Rank: 49    Score: 60,484,697

Current LTT F@H Rank: 33    Score: 384,430,073   Stats

My main Rig (Hybrid Windows 10/Arch Linux):

OS: Arch Linux w/ XFCE DE (Kernel 5.3.13 VFIO) as host OS, windows 10 as guest

CPU: Ryzen 9 3900X w/PBO on (6c 12t for host, 6c 12t for guest)

Cooler: Noctua NH-D15

Mobo: Asus X470-F Gaming

RAM: 16GB G-Skill Ripjaws V @ 3000MHz (8GB for host, 8GB for guest)

GPU: Guest: EVGA GTX 1060 SC Host: 2x Radeon HD 8470

PSU: EVGA G2 650W

SSDs: Guest: Samsung 850 evo 120 GB, Samsung 860 evo 1TB Host: Samsung 970 evo 500GB NVME

HDD: Guest: WD Caviar Blue 1 TB

Case: Fractal Design Define R5 Black Windowed

Other: White LED strip to illuminate the interior. Extra fractal intake fan for positive pressure.

unRAID server (Plex, Windows 10 VM, NAS, urBackup, game servers):

OS: unRAID 6.7.0

CPU: Ryzen R7 2700x @ Stock

Cooler: Noctua NH-U9S

Mobo: Asus Prime X470-Pro

RAM: 24GB Hyperx Fury Black @ 2900MHz 16-16-16-28

GPU: EVGA GTX 1080 FTW2

PSU: EVGA G3 850W

SSD: Samsung 970 evo 250GB

HDDs: 4x HGST Dekstar NAS 4TB @ 7200RPM (3 data, 1 parity)

Case: Sillverstone GD08B

Other: Added 3x Noctua NF-F12 intake, 2x Noctua NF-A8 exhaust, Inatek 5 port USB 3.0 expansion card with usb 3.0 front panel header

Details: 12GB ram, GTX 1080, USB card passed through to windows 10 VM. VM's virtdisk is on the SSD. Rest of resources are for Plex, urBackup, Gitlab, Nextcloud, and game servers.
 

Inventory: CPU: Delidded i7 6700k @ 4.7GHz 1.46v  Motherboard: ASUS Z170-A

Link to post
Share on other sites
Just now, firelighter487 said:

Apple 2FA is the fastest 2FA i have ever experienced. what is this guy talking about?

Make him use Epic's account 2FA with the email verification code. They have forums of people waiting days or more to get the code :P


5820K 4.0GHz | NH D15S | 32 GB RAM | Titan V | ASUS PG348Q+MG278Q

 

Link to post
Share on other sites

Yes, people have been known to sue for frivolous reasons, but i will actually have to reserve judgement, and here's why:

 

Remember that woman who sued McDonald's for hot coffee? Yes everyone remembers her as a hack who tried to get some free cash for something mundane.

Only here's the problem. After her coffee spill, she suffered 3rd degree burns and actually went into a coma for a few days. She won the lawsuit and got something like 5 million dollars from McDonald's, but they're done so much to make the case look ridiculous to protect their public image.

 

@DrMacintosh nothing against your reporting but I'm not sure these details are to be trusted quite so soon, there may be more to come to light.


I WILL find your ITX build thread, and I WILL recommend the SIlverstone Sugo SG13B

 

Primary PC:

i7 8086k (won) - EVGA Z370 Classified K - G.Kill Trident Z RGB - Force MP500 - Jedi Order Titan Xp - The venerated Hyper 212 Evo (with RGB Riing flair) - EVGA G2 650W - Black and green theme, Razer branwashed me.

Draws 400 watts under max load, for reference.

 

Linux Proliant ML150 G6:

Dual Xeon X5560 - 24GB ECC DDR3 - GTX 750 TI - old Seagate 1.5TB HDD - Dark moded Ubuntu (and Win7, cuz why not)

 

EVGA G3 threadSeasonic Focus threadUserbenchmark (Et al.) is trash explained, PSU misconceptions, protections explainedgroup reg is bad

Link to post
Share on other sites
3 minutes ago, fasauceome said:

Remember that woman who sued McDonald's for hot coffee? Yes everyone remembers her as a hack who tried to get some free cash for something mundane.

Only here's the problem. After her coffee spill, she suffered 3rd degree burns and actually went into a coma for a few days. She won the lawsuit and got something like 5 million dollars from McDonald's, but they're done so much to make the case look ridiculous to protect their public image.

Yeah, but she sustained injuries and went into a coma. As far as I can tell, this guy hasn't. 

I really don't think anyone is being harmed by the fact that '2FA takes too long'.

IMO this whole case is just a cash cow. Nothing more, nothing less.

 

Quote

nothing against your reporting but I'm not sure these details are to be trusted quite so soon, there may be more to come to light.

I agree. There may be more information that has been missed out. If there's information missed out, who's to say the information they gave you is correct?


 

 

 

 

My PC:

Spoiler

CPU: i5 4460

Motherboard: Gigabyte B85M-HD3

RAM: 8GB AMD DDR3 1600MHz

GPU: Nvidia GeForce GTX 960 2GB

Case: In Win Mana 136

Storage: Crucial MX500 250GB + WD Blue 1TB

PSU: Corsair CX450M

Monitor: Blaupunkt 32" TV + Samsung S24D590L 

Cooling: Knockoff of an Intel stock cooler

Keyboard: Steelseries Apex M500 (Cherry MX Red, UK layout)

Mouse: Corsair Scimitar Pro RGB

My phone:

Spoiler

Samsung Galaxy Note 9 (N960F)

CPU: Samsung Exynos 9810

RAM: 6GB

GPU: Mali-G72 MP18

Storage: 128GB internal storage + 128GB Samsung microSD card

My laptop:

Spoiler

Acer Nitro 5

CPU: AMD Ryzen 5 2500U

RAM: 8GB DDR4

GPU: AMD Radeon RX 560X

Storage: 1TB HDD

 

Link to post
Share on other sites

LOL! The lawyers are also clueless! Directly from their legal claim documents!

Neither of these are 2FA code requests.. one is when connecting to iTunes the first time for syncing, the other is asking for the Passcode, for an iOS update...

 

Neither of these require an addition device, or a 2FA prompt where they need to click allow, and get a 6 digit code to enter.

 

https://www.scribd.com/document/399265266/Brodsky-versus-Apple-alleging-that-two-factor-authentication-is-abusive-to-users#fullscreen&from_embed

 

 

Screenshot_41.jpg


5820K 4.0GHz | NH D15S | 32 GB RAM | Titan V | ASUS PG348Q+MG278Q

 

Link to post
Share on other sites
Posted · Original PosterOP
2 minutes ago, fasauceome said:

but I'm not sure these details are to be trusted quite so soon, there may be more to come to light.

Possible but highly unlikely. This guy is more than likely a fraud. 


Laptop: 2016 13" nTB MacBook Pro Core i5 | Phone: iPhone 8 Plus 64GB | Wearables: Apple Watch Sport Series 2 | CPU: R5 2600 | Mobo: ASRock B450M Pro4 | RAM: 16GB 2666 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 10 | Storage: 480GB PNY SSD & 2TB WD Green HDD | PSU: Corsair CX600M | Display: Dell 27 Gaming Monitor S2719DGF 1440p @155Hz, Dell UZ2215H 21.5" 1080p, ViewSonic VX2450wm-LED 23.6" 1080p | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G303 | Audio: Audio Technica ATH-M50X & Blue Snowball
Link to post
Share on other sites
1 minute ago, 1kv said:

Yeah, but she sustained injuries and went into a coma. As far as I can tell, this guy hasn't. 

I really don't think anyone is being harmed by the fact that '2FA takes too long'.

IMO this whole case is just a cash cow. Nothing more, nothing less.

 

Like I said, maybe something did happen to this guy. I don't know much about the publication Apple Insider, but if they're biased in favor of apple, there's a chance they left out key details. 

 

On the face of it, yeah this looks like a garbage case I've got no sympathy for the guy if it is.


I WILL find your ITX build thread, and I WILL recommend the SIlverstone Sugo SG13B

 

Primary PC:

i7 8086k (won) - EVGA Z370 Classified K - G.Kill Trident Z RGB - Force MP500 - Jedi Order Titan Xp - The venerated Hyper 212 Evo (with RGB Riing flair) - EVGA G2 650W - Black and green theme, Razer branwashed me.

Draws 400 watts under max load, for reference.

 

Linux Proliant ML150 G6:

Dual Xeon X5560 - 24GB ECC DDR3 - GTX 750 TI - old Seagate 1.5TB HDD - Dark moded Ubuntu (and Win7, cuz why not)

 

EVGA G3 threadSeasonic Focus threadUserbenchmark (Et al.) is trash explained, PSU misconceptions, protections explainedgroup reg is bad

Link to post
Share on other sites
Posted · Original PosterOP
Just now, fasauceome said:

Like I said, maybe something did happen to this guy.

Well you can’t sue on behalf of others unless it’s a class action. 

 

1 minute ago, fasauceome said:

I don't know much about the publication Apple Insider, but if they're biased in favor of apple, there's a chance they left out key details. 

Hey have no history of sugar coating news, especially lawsuits. 


Laptop: 2016 13" nTB MacBook Pro Core i5 | Phone: iPhone 8 Plus 64GB | Wearables: Apple Watch Sport Series 2 | CPU: R5 2600 | Mobo: ASRock B450M Pro4 | RAM: 16GB 2666 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 10 | Storage: 480GB PNY SSD & 2TB WD Green HDD | PSU: Corsair CX600M | Display: Dell 27 Gaming Monitor S2719DGF 1440p @155Hz, Dell UZ2215H 21.5" 1080p, ViewSonic VX2450wm-LED 23.6" 1080p | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G303 | Audio: Audio Technica ATH-M50X & Blue Snowball
Link to post
Share on other sites

That sound like grade a example of someone reading that apple is a billion dollar company now and then thinking : "Hmm, how can i get a slice of that money".

Seriously, there are too many of those fake lawsuits.

Link to post
Share on other sites

BRB gonna sue Apple because my MBP doesn't ready my fingerprints after a 30 minute shower.


Come Bloody Angel

Break off your chains

And look what I've found in the dirt.

 

Pale battered body

Seems she was struggling

Something is wrong with this world.

 

Fierce Bloody Angel

The blood is on your hands

Why did you come to this world?

 

Everybody turns to dust.

 

Everybody turns to dust.

 

The blood is on your hands.

 

The blood is on your hands!

 

Pyo.

Link to post
Share on other sites
16 minutes ago, Dogeystyle said:

Can we be sure this Jay dude is not using an Iphone 4?

I can confirm that even on an iPhone 4 this is an exaggeration of an order of magnitude, assuming the app (Apple 2FA is not available on iOS 7) wasn't open.

12 minutes ago, Valentyn said:

snip

How does one press a button on a touchscreen? 🤔

Link to post
Share on other sites

The crap?


Resident Mozilla Shill.   Typed on my Ortholinear JJ40 custom keyboard
               __     I am the ASCIIDino.
              / _)
     _.----._/ /      If you can see me you 
    /         /       must put me in your 
 __/ (  | (  |        signature for 24 hours.
/__.-'|_|--|_|        
Link to post
Share on other sites

This is just nonsense. I could understand if they were suing Apple for the 2FA being limited to Apple devices and/or phone number which in some rare cases can cause problems. But it taking too long? Really? Well, without @DrMacintosh telling in which country this is happening, we don't need any extra tries to guess since there's really only one country where this kind of sue could happen.

Link to post
Share on other sites
41 minutes ago, firelighter487 said:

Apple 2FA is the fastest 2FA i have ever experienced. what is this guy talking about?

Google is pretty damn fast. If anything me fumbling around with my phone to unlock it after i forgot what im doing reqs 2FA is what makes it "slow" 😂


 Motherboard  ROG Strix B350-F Gaming | CPU Ryzen 5 1600 | GPU Sapphire Radeon RX 480 Nitro+ OC  | RAM Corsair Vengeance DDR4 3000MHz 2x8Gb | OS Drive  Crucial MX300 525Gb M.2 | WiFi Card  ASUS PCE-AC68 | Case Switch 810 Gunmetal Grey SE | Storage WD 1.5tb, SanDisk Ultra 3D 500Gb, Samsung 840 EVO 120Gb | NAS Solution Synology 413j 8TB (6TB with 2TB redundancy using Synology Hybrid RAID) | Keyboard SteelSeries APEX | Mouse Razer Naga MMO Edition Green | Fan Controller Sentry LXE | Screens Sony 43" TV | Sound Logitech 5.1 X530

Link to post
Share on other sites

having security HA GET FUCKED APPLE thatll teach yah not to have 2fa. 

Whats the goal? Sue to remove 2fa so someone can sue them for not having it? 


muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to post
Share on other sites
4 minutes ago, Syntaxvgm said:

having security HA GET FUCKED APPLE thatll teach yah not to have 2fa. 

Whats the goal? Sue to remove 2fa so someone can sue them for not having it? 

Thanks for the idea, I'm going to get my lawyers ready.

 

Edit: this would require owning an apple device/using their services.  NVM.  you can have it @Noctus


Resident Mozilla Shill.   Typed on my Ortholinear JJ40 custom keyboard
               __     I am the ASCIIDino.
              / _)
     _.----._/ /      If you can see me you 
    /         /       must put me in your 
 __/ (  | (  |        signature for 24 hours.
/__.-'|_|--|_|        
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×