Jump to content

Apple is being sued because 2FA "takes too long"

DrMacintosh

A user is suing Apple, claiming that Apple's 2 Factor Authentication system takes too long and is disruptive to users. The plaintiff also claims that Apple's 2 Factor authentication system is abusive because you cannot switch back to a less secure sign in method for 14 days after enabling 2FA on an iCloud account. 

Quote

The suit, filed by Jay Brodsky in California alleges that Apple doesn't get user consent to enable two-factor authentication. Furthermore, once enabled, two-factor authentication "imposes an extraneous logging in procedure that requires a user to both remember password; and have access to a trusted device or trusted phone number" when a device is enabled.

So yes, Jay here is upset that the default option for setting up sign in options for iOS and Mac devices is to use 2FA. Further Jay is upset that it takes so long to verify who he is. 

Quote

Filing paperwork associated with the suit also alleges that harm is being done, and potential class members "have been and continue to suffer harm" including economic losses, based on a waste of personal time for an extended login process that has become a multiple-step process.

Yes, harm is being done by ensuring that your account is secure that that people cannot hack your iCloud account and gain access to information that could literally ruin your business or your life. I'm sorry that the ~8 seconds it takes to log in with 2FA prevents that. Perhaps if Apple were not to enable 2FA by default, this guy would be ok with his account being easily hackable? (of course not, he would probably sue!)

 

You just can't please people. This is a perfect example of someone just looking to make a quick buck at the expense of a business. Its low, its slimy, and anyone who does it defiantly has 0 class. 

 

The plaintiff is also exaggerating reality (and possibly straight up lying), calming that logging in with 2FA enabled takes up to 5min, when in reality it takes about 5 seconds. 

Quote

First, Plaintiff has to enter his selected password on the device he is interested in logging in. Second, Plaintiff has to enter password on another trusted device to login. Third, optionally, Plaintiff has to select a Trust or Don't Trust pop-up message response. Fourth, Plaintiff then has to wait to receive a six-digit verification code on that second device that is sent by an Apple Server on the internet. Finally, Plaintiff has to input the received six-digit verification code on the first device he is trying to log into. Each login process takes an additional estimated 2-5 or more minutes with 2FA."

In reality, after a user has trusted devices enabled on their account, when they attempt to log into a service that uses their Apple ID, their Trusted devices are immediately pinged to allow the log in, and the after the log in is approved the user must enter a 6 digit pin displayed on a trusted device into the device they are trying to log into. The log in is complete once the servers verify the pin matches. This process takes approximately 8 seconds. 

 

Here is the case behind his money grab:

Quote

The suit is demanding injunctive relief, fines and penalties assessed on Apple in accordance with the Computer Fraud and Abuse Act, and is seeking "all funds, revenues, and benefits" that Apple has "unjustly received" from the action, but what precisely that entails isn't listed in the filing documents. The filer is also asserting that Apple is violating California's Invasion of Privacy act, but how that applies also isn't immediately clear.

Hopefully the case gets thrown out and this guy can go get a job. 

 

Source: https://appleinsider.com/articles/19/02/09/apple-being-sued-because-two-factor-authentication-on-an-iphone-or-mac-takes-too-much-time

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)
Link to comment
Share on other sites

Link to post
Share on other sites

Pretty much every aspect of Apple's auth system is the fastest in its category... What is this guy on about?

Current LTT F@H Rank: 90    Score: 2,503,680,659    Stats

Yes, I have 9 monitors.

My main PC (Hybrid Windows 10/Arch Linux):

OS: Arch Linux w/ XFCE DE (VFIO-Patched Kernel) as host OS, windows 10 as guest

CPU: Ryzen 9 3900X w/PBO on (6c 12t for host, 6c 12t for guest)

Cooler: Noctua NH-D15

Mobo: Asus X470-F Gaming

RAM: 32GB G-Skill Ripjaws V @ 3200MHz (12GB for host, 20GB for guest)

GPU: Guest: EVGA RTX 3070 FTW3 ULTRA Host: 2x Radeon HD 8470

PSU: EVGA G2 650W

SSDs: Guest: Samsung 850 evo 120 GB, Samsung 860 evo 1TB Host: Samsung 970 evo 500GB NVME

HDD: Guest: WD Caviar Blue 1 TB

Case: Fractal Design Define R5 Black w/ Tempered Glass Side Panel Upgrade

Other: White LED strip to illuminate the interior. Extra fractal intake fan for positive pressure.

 

unRAID server (Plex, Windows 10 VM, NAS, Duplicati, game servers):

OS: unRAID 6.11.2

CPU: Ryzen R7 2700x @ Stock

Cooler: Noctua NH-U9S

Mobo: Asus Prime X470-Pro

RAM: 16GB G-Skill Ripjaws V + 16GB Hyperx Fury Black @ stock

GPU: EVGA GTX 1080 FTW2

PSU: EVGA G3 850W

SSD: Samsung 970 evo NVME 250GB, Samsung 860 evo SATA 1TB 

HDDs: 4x HGST Dekstar NAS 4TB @ 7200RPM (3 data, 1 parity)

Case: Sillverstone GD08B

Other: Added 3x Noctua NF-F12 intake, 2x Noctua NF-A8 exhaust, Inatek 5 port USB 3.0 expansion card with usb 3.0 front panel header

Details: 12GB ram, GTX 1080, USB card passed through to windows 10 VM. VM's OS drive is the SATA SSD. Rest of resources are for Plex, Duplicati, Spaghettidetective, Nextcloud, and game servers.

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, firelighter487 said:

Apple 2FA is the fastest 2FA i have ever experienced. what is this guy talking about?

Make him use Epic's account 2FA with the email verification code. They have forums of people waiting days or more to get the code :P

5950X | NH D15S | 64GB 3200Mhz | RTX 3090 | ASUS PG348Q+MG278Q

 

Link to comment
Share on other sites

Link to post
Share on other sites

Yes, people have been known to sue for frivolous reasons, but i will actually have to reserve judgement, and here's why:

 

Remember that woman who sued McDonald's for hot coffee? Yes everyone remembers her as a hack who tried to get some free cash for something mundane.

Only here's the problem. After her coffee spill, she suffered 3rd degree burns and actually went into a coma for a few days. She won the lawsuit and got something like 5 million dollars from McDonald's, but they're done so much to make the case look ridiculous to protect their public image.

 

@DrMacintosh nothing against your reporting but I'm not sure these details are to be trusted quite so soon, there may be more to come to light.

I WILL find your ITX build thread, and I WILL recommend the SIlverstone Sugo SG13B

 

Primary PC:

i7 8086k - EVGA Z370 Classified K - G.Skill Trident Z RGB - WD SN750 - Jedi Order Titan Xp - Hyper 212 Black (with RGB Riing flair) - EVGA G3 650W - dual booting Windows 10 and Linux - Black and green theme, Razer brainwashed me.

Draws 400 watts under max load, for reference.

 

How many watts do I needATX 3.0 & PCIe 5.0 spec, PSU misconceptions, protections explainedgroup reg is bad

Link to comment
Share on other sites

Link to post
Share on other sites

3 minutes ago, fasauceome said:

Remember that woman who sued McDonald's for hot coffee? Yes everyone remembers her as a hack who tried to get some free cash for something mundane.

Only here's the problem. After her coffee spill, she suffered 3rd degree burns and actually went into a coma for a few days. She won the lawsuit and got something like 5 million dollars from McDonald's, but they're done so much to make the case look ridiculous to protect their public image.

Yeah, but she sustained injuries and went into a coma. As far as I can tell, this guy hasn't. 

I really don't think anyone is being harmed by the fact that '2FA takes too long'.

IMO this whole case is just a cash cow. Nothing more, nothing less.

 

Quote

nothing against your reporting but I'm not sure these details are to be trusted quite so soon, there may be more to come to light.

I agree. There may be more information that has been missed out. If there's information missed out, who's to say the information they gave you is correct?

Link to comment
Share on other sites

Link to post
Share on other sites

LOL! The lawyers are also clueless! Directly from their legal claim documents!

Neither of these are 2FA code requests.. one is when connecting to iTunes the first time for syncing, the other is asking for the Passcode, for an iOS update...

 

Neither of these require an addition device, or a 2FA prompt where they need to click allow, and get a 6 digit code to enter.

 

https://www.scribd.com/document/399265266/Brodsky-versus-Apple-alleging-that-two-factor-authentication-is-abusive-to-users#fullscreen&from_embed

 

 

Screenshot_41.jpg

5950X | NH D15S | 64GB 3200Mhz | RTX 3090 | ASUS PG348Q+MG278Q

 

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, fasauceome said:

but I'm not sure these details are to be trusted quite so soon, there may be more to come to light.

Possible but highly unlikely. This guy is more than likely a fraud. 

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)
Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, 1kv said:

Yeah, but she sustained injuries and went into a coma. As far as I can tell, this guy hasn't. 

I really don't think anyone is being harmed by the fact that '2FA takes too long'.

IMO this whole case is just a cash cow. Nothing more, nothing less.

 

Like I said, maybe something did happen to this guy. I don't know much about the publication Apple Insider, but if they're biased in favor of apple, there's a chance they left out key details. 

 

On the face of it, yeah this looks like a garbage case I've got no sympathy for the guy if it is.

I WILL find your ITX build thread, and I WILL recommend the SIlverstone Sugo SG13B

 

Primary PC:

i7 8086k - EVGA Z370 Classified K - G.Skill Trident Z RGB - WD SN750 - Jedi Order Titan Xp - Hyper 212 Black (with RGB Riing flair) - EVGA G3 650W - dual booting Windows 10 and Linux - Black and green theme, Razer brainwashed me.

Draws 400 watts under max load, for reference.

 

How many watts do I needATX 3.0 & PCIe 5.0 spec, PSU misconceptions, protections explainedgroup reg is bad

Link to comment
Share on other sites

Link to post
Share on other sites

These are the kinds of people who click 50 times on something because it's taking too long the first time.

Make sure to quote or tag me (@JoostinOnline) or I won't see your response!

PSU Tier List  |  The Real Reason Delidding Improves Temperatures"2K" does not mean 2560×1440 

Link to comment
Share on other sites

Link to post
Share on other sites

Just now, fasauceome said:

Like I said, maybe something did happen to this guy.

Well you can’t sue on behalf of others unless it’s a class action. 

 

1 minute ago, fasauceome said:

I don't know much about the publication Apple Insider, but if they're biased in favor of apple, there's a chance they left out key details. 

Hey have no history of sugar coating news, especially lawsuits. 

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)
Link to comment
Share on other sites

Link to post
Share on other sites

That sound like grade a example of someone reading that apple is a billion dollar company now and then thinking : "Hmm, how can i get a slice of that money".

Seriously, there are too many of those fake lawsuits.

I only see your reply if you @ me.

This reply/comment was generated by AI.

Link to comment
Share on other sites

Link to post
Share on other sites

BRB gonna sue Apple because my MBP doesn't ready my fingerprints after a 30 minute shower.

Come Bloody Angel

Break off your chains

And look what I've found in the dirt.

 

Pale battered body

Seems she was struggling

Something is wrong with this world.

 

Fierce Bloody Angel

The blood is on your hands

Why did you come to this world?

 

Everybody turns to dust.

 

Everybody turns to dust.

 

The blood is on your hands.

 

The blood is on your hands!

 

Pyo.

Link to comment
Share on other sites

Link to post
Share on other sites

16 minutes ago, Dogeystyle said:

Can we be sure this Jay dude is not using an Iphone 4?

I can confirm that even on an iPhone 4 this is an exaggeration of an order of magnitude, assuming the app (Apple 2FA is not available on iOS 7) wasn't open.

12 minutes ago, Valentyn said:

snip

How does one press a button on a touchscreen? ?

Link to comment
Share on other sites

Link to post
Share on other sites

The crap?

Resident Mozilla Shill.   Typed on my Ortholinear JJ40 custom keyboard
               __     I am the ASCIIDino.
              / _)
     _.----._/ /      If you can see me you 
    /         /       must put me in your 
 __/ (  | (  |        signature for 24 hours.
/__.-'|_|--|_|        
Link to comment
Share on other sites

Link to post
Share on other sites

This is just nonsense. I could understand if they were suing Apple for the 2FA being limited to Apple devices and/or phone number which in some rare cases can cause problems. But it taking too long? Really? Well, without @DrMacintosh telling in which country this is happening, we don't need any extra tries to guess since there's really only one country where this kind of sue could happen.

Link to comment
Share on other sites

Link to post
Share on other sites

41 minutes ago, firelighter487 said:

Apple 2FA is the fastest 2FA i have ever experienced. what is this guy talking about?

Google is pretty damn fast. If anything me fumbling around with my phone to unlock it after i forgot what im doing reqs 2FA is what makes it "slow" ?

 Motherboard  ROG Strix B350-F Gaming | CPU Ryzen 5 1600 | GPU Sapphire Radeon RX 480 Nitro+ OC  | RAM Corsair Vengeance DDR4 3000MHz 2x8Gb | OS Drive  Crucial MX300 525Gb M.2 | WiFi Card  ASUS PCE-AC68 | Case Switch 810 Gunmetal Grey SE | Storage WD 1.5tb, SanDisk Ultra 3D 500Gb, Samsung 840 EVO 120Gb | NAS Solution Synology 413j 8TB (6TB with 2TB redundancy using Synology Hybrid RAID) | Keyboard SteelSeries APEX | Mouse Razer Naga MMO Edition Green | Fan Controller Sentry LXE | Screens Sony 43" TV | Sound Logitech 5.1 X530

Link to comment
Share on other sites

Link to post
Share on other sites

having security HA GET FUCKED APPLE thatll teach yah not to have 2fa. 

Whats the goal? Sue to remove 2fa so someone can sue them for not having it? 

muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to comment
Share on other sites

Link to post
Share on other sites

4 minutes ago, Syntaxvgm said:

having security HA GET FUCKED APPLE thatll teach yah not to have 2fa. 

Whats the goal? Sue to remove 2fa so someone can sue them for not having it? 

Thanks for the idea, I'm going to get my lawyers ready.

 

Edit: this would require owning an apple device/using their services.  NVM.  you can have it @Noctus

Resident Mozilla Shill.   Typed on my Ortholinear JJ40 custom keyboard
               __     I am the ASCIIDino.
              / _)
     _.----._/ /      If you can see me you 
    /         /       must put me in your 
 __/ (  | (  |        signature for 24 hours.
/__.-'|_|--|_|        
Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×