Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
DrMacintosh

Apple is being sued because 2FA "takes too long"

Recommended Posts

22 minutes ago, mr moose said:

Another thing I love about where I live,  You have ZERO legal rights if you are in the act of committing a crime.

 

Basically you cannot sue for damages for anything that happens to you when or as a result of committing a crime. 

Pity that's not true here in the SSA (although I feel rights should be limited, not fully zero). I definitely agree with your last sentence!


Jeannie

 

As long as anyone is oppressed, no one will be safe and free.

One has to be proactive, not reactive, to ensure the safety of one's data so backup your data! And RAID is NOT a backup!

 

Link to post
Share on other sites
On 2/11/2019 at 10:55 AM, DrMacintosh said:

Yes, harm is being done by ensuring that your account is secure that that people cannot hack your iCloud account and gain access to information that could literally ruin your business or your life. I'm sorry that the ~8 seconds it takes to log in with 2FA prevents that. Perhaps if Apple were not to enable 2FA by default, this guy would be ok with his account being easily hackable? (of course not, he would probably sue!)

Jeeze, this sounds like my work. Please no; I'm not even at work!

  • "Can I please have your full address & account number? Great, thank you.
  • You gave us a security pin/passphrase when you setup your account to ensure that only the real you is able to make changes after verifying.
  • Can you verify your pin/passphrase so I can assist you with your account?"
    • THIS IS STUPID IM NOT VERIFYING ANYTHING WHY WONT YOU HELP ME GET ME YOUR MANGLER I WANT YOU FIRED GRRRRRRRRR!

That being said, Apple's (and a few other company's; cough Blizzard, Steam, O365...) 2FA method is poorly implemented, since it doesn't use the standard OTP method which prevents me from setting it up using the Authy app (or any other 2FA app of choice).

 

In Apple's case, this requires that my 2nd trusted device be connected to data or WiFi - something that may not be possible if say I'm staying in a hotel with no cell service that only allows 1 device to be connected to the WiFi at a time per hotel room.

 

With the Authy app, this issue is eliminated since the codes are time-generated based on a secret key, and on top of that I then only need one app for all my 2FA logins, instead of Blizzard's authenticator, Steam's app, and Microsoft's authenticator.

 

On 2/11/2019 at 11:59 AM, Cheezdoodlez said:

Hm. How often do the average apple user actually need to use their 2FA codes though? 

From my perspective you only really need it when setting up a new device. Or if you for some reason would be logging in the apple/iCloud websites. But who does that on a regular basis? 

20 hours ago, Maticks said:

It only asked when you login to a device you haven't logged into from before. 

What is this guy doing?

Why does he have so many devices ongoing He clearly isn't a standard use case.

With Microsoft's services, I often go through some months of the year where I'm forced to re-login using 2FA multiple times a week. Why? Because certain companies apparently don't understand how session cookies work. And yes, this happens on multiple computers, using multiple browsers.

 

For example, for June last year I decided "Hey, maybe this problem only affects Chrome - I'll try Opera" ... Nope - by September I was back to being asked to re-login twice a week using 2FA. Same goes for Firefox, Vivaldi, Chrome Canary, and even Microsoft's own Edge browser.

 

The only way I could consistently fix this was to completely clear ALL *.microsoft.com cookies. While this works, it's not something a normal user would know to do, nor is it something you should have to do, as it resets preferences on certain sites set by the same cookies.


Desktop: i7-4790k Build - ALMOST COMPLETE Mobile: OnePlus 5T | Bell Unlimited National Calling & Texting + 10GB Data
Laptop: Dell XPS 15 9560 (the real 15" MacBook Pro that Apple didn't make) Tablet: HP Touchpad (Android) | ASUS ME302C
Camera: Canon SX280 + Rebel T1i (500D) | Sony HDR-AS50R | Panasonic DMC-TS20D Music: Spotify Premium (CIRCA '08)

Link to post
Share on other sites
6 minutes ago, Lady Fitzgerald said:

Pity that's not true here in the SSA (although I feel rights should be limited, not fully zero). I definitely agree with your last sentence!

I probably should clarify, criminals have rights even if they intentional carry out an act of crime, for example they have a right to free trial, to not be compelled to give evidence against themselves and the right to legal representation, but they have no rights to damages from the victim of their crime.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
On 2/11/2019 at 7:06 PM, Valentyn said:

LOL! The lawyers are also clueless! Directly from their legal claim documents!

Neither of these are 2FA code requests.. one is when connecting to iTunes the first time for syncing, the other is asking for the Passcode, for an iOS update...

 

Neither of these require an addition device, or a 2FA prompt where they need to click allow, and get a 6 digit code to enter.

 

https://www.scribd.com/document/399265266/Brodsky-versus-Apple-alleging-that-two-factor-authentication-is-abusive-to-users#fullscreen&from_embed

 

 

Screenshot_41.jpg

Exactly what I said when I was reading the article. I was like "I'm pretty sure whats being described here isn't even 2FA" and after seeing the images my suspicious are correct. This guy is going to be laughed at in court when Apple point out multiple flaws with his "issues"


System Specs:

CPU:  Intel 8700K (3.7-4.7GHz Turbo)  GPU: MSI GTX 1080 ARMOR 8GB MB: MSI Z370 Gaming Plus   RAM: Corsair 3000MHz 2x8GB(16GB)  CPU Cooler: Kraken X42 AIO  Sound card: Creative Sound Blaster Z  SSD: OCZ ARC100 480GB  HDD: Western Digital 1TB Black, Seagate Barracuda 1TB both 7200RPM, WD Green 2TB (storage)  PSU: Pro750W XFX 80 Plus Gold  Case: NZXT H500 Optical Drive: -

 

 

Link to post
Share on other sites
2 hours ago, mr moose said:

Another thing I love about where I live,  You have ZERO legal rights if you are in the act of committing a crime.

 

Basically you cannot sue for damages for anything that happens to you when or as a result of committing a crime. 

Does j walking count? Like can someone legally run you over on purpose? 

Link to post
Share on other sites
1 hour ago, kirashi said:

Jeeze, this sounds like my work. Please no; I'm not even at work!

  • "Can I please have your full address & account number? Great, thank you.
  • You gave us a security pin/passphrase when you setup your account to ensure that only the real you is able to make changes after verifying.
  • Can you verify your pin/passphrase so I can assist you with your account?"
    • THIS IS STUPID IM NOT VERIFYING ANYTHING WHY WONT YOU HELP ME GET ME YOUR MANGLER I WANT YOU FIRED GRRRRRRRRR!

That being said, Apple's (and a few other company's; cough Blizzard, Steam, O365...) 2FA method is poorly implemented, since it doesn't use the standard OTP method which prevents me from setting it up using the Authy app (or any other 2FA app of choice).

 

In Apple's case, this requires that my 2nd trusted device be connected to data or WiFi - something that may not be possible if say I'm staying in a hotel with no cell service that only allows 1 device to be connected to the WiFi at a time per hotel room.

 

With the Authy app, this issue is eliminated since the codes are time-generated based on a secret key, and on top of that I then only need one app for all my 2FA logins, instead of Blizzard's authenticator, Steam's app, and Microsoft's authenticator.

 

With Microsoft's services, I often go through some months of the year where I'm forced to re-login using 2FA multiple times a week. Why? Because certain companies apparently don't understand how session cookies work. And yes, this happens on multiple computers, using multiple browsers.

 

For example, for June last year I decided "Hey, maybe this problem only affects Chrome - I'll try Opera" ... Nope - by September I was back to being asked to re-login twice a week using 2FA. Same goes for Firefox, Vivaldi, Chrome Canary, and even Microsoft's own Edge browser.

 

The only way I could consistently fix this was to completely clear ALL *.microsoft.com cookies. While this works, it's not something a normal user would know to do, nor is it something you should have to do, as it resets preferences on certain sites set by the same cookies.

I have the most convenient 2FA. You take your standard 2FA method and you remove the second part of it. 

Link to post
Share on other sites

Seems about par for the course with a typical Apple user, lmfao


Delidded 3770k 4.4GHz | Sapphire Nitro+ Special Edition RX 580 1550MHz/2250MHz  | #2 FireStrike Extreme & #2 Superposition 1080p Xtreme | 32GB DDR3 1600MHz

Link to post
Share on other sites
4 hours ago, mr moose said:

Another thing I love about where I live,  You have ZERO legal rights if you are in the act of committing a crime.

 

Basically you cannot sue for damages for anything that happens to you when or as a result of committing a crime. 

Most of the US is similar. You CAN sue, technically, but most courts will throw the case out as soon as they hear it. What few places here that do hear those cases, are either districts with idiots in power, the lawsuit has genuine merit for hazardous situations, or someone important has a political agenda.


Seagull eat fish. But fish belong to Mafia. Mafia punch seagull for not respecting Mafia. Seagull say "No, please! I have child!"

Mafia punch seagull with child.

 

 

 

 

 

 

 

 

Pyo.

Link to post
Share on other sites

'Murica

 

please don't sue me


i7 7700k @ 4.2GHz

Asus Strix OC 1080Ti

ROG Maximus IX Hero

EVGA G2 850W

32GB DDR4 (16x2) @ 3000Mhz

X62 Kraken

Creative Soundblaster Zx

Windows 10 Pro x64

Phanteks Primo

Link to post
Share on other sites
On 2/11/2019 at 1:02 PM, fasauceome said:

but they're done so much to make the case look ridiculous to protect their public image.

She had had McDonalds coffee multiple times before and knew exactly how hot it was and how flimsy their cups were. She still decided to use her legs to grip the cup while trying to pull the top off. The temperature they held the coffee at was not significantly different from the industry standard among fast food restaurants or chain gas stations and was done explicitly to hold the taste as long as possible for people to enjoy during long commutes or after they made it to work. The case was ridiculous, full stop.

Link to post
Share on other sites
11 hours ago, Brooksie359 said:

Does j walking count? Like can someone legally run you over on purpose? 

They would be hard pushed to prove it an accident.  Suffice to say J walking is a misdemeanor and can only occur at an intersection where traffic lights are installed.  Ergo, not a criminal activity and can only happen if you walk across against a red light.    However I don't know of a case that has gone to court.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
On 2/11/2019 at 7:43 PM, Noctus said:

Google is pretty damn fast. If anything me fumbling around with my phone to unlock it after i forgot what im doing reqs 2FA is what makes it "slow" 😂

That's usually it. You type in password, instantly prompted for 2FA code. If you have an iOS or Mac OS device you instantly get a popup saying someone is trying to sign in, you click Deny or Allow. Allow gives you the code!
In some cases if you're on a secure site, and trusted devices it even auto fills the 6 digit code - such as being on iOS 11 and signing into a brand new iOS device. The code is automatically text when you sign in during setup, and auto fills it. ( Assuming your SIM card is in the phone ).

 

If you don't have Mobile Data or Wifi, you can click "Didn't get a Code?" and send it as text message or Robo call to the phone number registered to your account. ( you can have multiple 'trusted' numbers on the account )

The slowest part there is the popup asking if you want to allow or deny it, before it generates a code . Because that needs the user to actual read and approve or deny the request for a code.

The GPS location on it is brilliant. 

If you're out with friends and suddenly get a popup saying someone in New Zealand is trying to log in, you know the account email/password is compromised and you can click deny to change the password and auto sign out all devices on the account.

The worst thing is if you look at the images/photos they submitted in the court documents; they're not even 2FA prompts. One is a prompt to trust the computer you've connected the phone to, to allow access to the phone contents and files. The other is the enter your phone passcode to install the an iOS update.

Both there to ensure some rando bugger doesn't swipe the phone, plug into a computer and steal all your data; and latter to ensure random people ( mostly kids ), don't accidentally install an iOS update when you don't want to. Everyone hates Windows for randomly install updates and rebooting systems; so the passcode is there to prevent someone from mucking it up.

 


5820K 4.0GHz | NH D15S | 32 GB RAM | Titan V | ASUS PG348Q+MG278Q

 

Link to post
Share on other sites

...As much as I love when Apple screws up, This guy is just a freaking moron. You can turn it off, even if it takes 14 days. And even the SLOWEST 2FA only takes about a minute to send you a code. This case shouldn't be allowed to go anywhere and if I had my way, people that try to start these completely ridiculous lawsuits would get fined for wasting everyone's time.


Main Rig: cpu: Intel 6600k OC @ 4.5Ghz; gpu: Gigabyte Gaming OC RTX 2080 (OC'd); mb: Gigabyte GA-Z170X-UD3; ram: 16 GB (2x8GB) 3000 G.Skill Ripjaws V; psu: EVGA 650BQ; storage: 500GB Samsung 850 evo, 2TB WD Black; case: Cooler Master HAF 912; cooling: Cooler Master Hyper 212 Evo, Lots of fans, Air!; display: 4k Samsung 42" TV, Asus MX259H 1080p audio: Schiit Audio Magni Amp w/ Audio Technica M50x

Link to post
Share on other sites
7 hours ago, ravenshrike said:

The case was ridiculous, full stop.

How about you say that to the judge? This conclusion seems to reveal that you're just a sucker that buys into what the companies have put forth to make it seem ridiculous.

She knew how hot it was, you say? I doubt she knew it was a scorching 190 degrees.

This was the industry standard you say? Well guess what, she won the suit, and the industry was forced to change.

I knew a little about the case already then saw this:

And I would have to say, unless you discredit everything in this video you're just a fool. Full stop.


I WILL find your ITX build thread, and I WILL recommend the SIlverstone Sugo SG13B

 

Primary PC:

i7 8086k (won) - EVGA Z370 Classified K - G.Kill Trident Z RGB - Force MP500 - Jedi Order Titan Xp - The venerated Hyper 212 Evo (with RGB Riing flair) - EVGA G2 650W - Black and green theme, Razer branwashed me.

Draws 400 watts under max load, for reference.

 

Linux Proliant ML150 G6:

Xeon X5560 - 24GB ECC DDR3 - MSI GTX 650 - some 7200RPM SATA II thing - Ubuntu (at the moment)

 

Feel free to critique my website. I am but a young entrepreneur.

Link to post
Share on other sites
7 hours ago, ravenshrike said:

She had had McDonalds coffee multiple times before and knew exactly how hot it was and how flimsy their cups were. She still decided to use her legs to grip the cup while trying to pull the top off.

Yes, it was a bad idea to do that, but it was a mistake. People make mistakes.

She also admitted that it was her fault for spilling the coffee, so it's not like she was completely putting the blame on McDonalds.

7 hours ago, ravenshrike said:

The temperature they held the coffee at was not significantly different from the industry standard among fast food restaurants or chain gas stations and was done explicitly to hold the taste as long as possible for people to enjoy during long commutes or after they made it to work. The case was ridiculous, full stop.

If the serving temperature of your coffee is enough to give someone 3rd degree burns and put them in a coma for nearly a week, it's a bad idea to serve it that hot. That's why the industry standard changed after she won the lawsuit.

Stop defending McDonalds for their mistakes (although to be fair she did make mistakes too). It wasn't a ridiculous case. I bet if you were in the same situation as her, you'd like some compensation too. 

 

Had to get that off my chest. Let's get back on topic before this thread gets locked..


Some may know me as 1kv. I'm not liable for anything that may happen as a result of following my advice. Take what I say with a grain of salt, some things may not be correct.

Make sure to tag or quote who you are trying to reply to, that way they will see your answer.

Useful links: Community Standards | New PSU Tier List | Posting Guidelines | Why you shouldn't buy an EVGA G3 PSU | Build Guide Megathread | GPU Tier List

 

 

 

 

Link to post
Share on other sites

While I can attest that some companies and apps utilize 2FA in silly ways, constantly having me go grab my phone from another room, or check an e-mail for a code, it's ridiculous to sue over it. If I had the inclination to stop the inconvenience, most services are fairly easy to turn off 2FA.

Link to post
Share on other sites
2 hours ago, divito said:

If I had the inclination to stop the inconvenience, most services are fairly easy to turn off 2FA.

I think that is one of the main reasons the person decided to sue, they claimed it wasn't easy to turn off Apple's 2FA.

Link to post
Share on other sites

Can they change the lawsuit over to whatever company is responsible for the terrible captcha system? I waste thousands of times more resources clicking retarded image boxes then any other form of validation hands down.


What does windows 10 and ET have in common?

 

They are both constantly trying to phone home.

Link to post
Share on other sites

Literally anyone will sue for anything, remember the AMD lawsuit over the FX series chips mislabeling their CPU's even though technically there is just 2 cores per module and they share a scheduler

 

I hope this doesn't go through, 2FA is the way to go, and i've never had it take longer than 30 seconds


Current Build

Spoiler

System

  • CPU
    Ryzen 2700x
  • Motherboard
    ASrock x470 Fatal1ty k4
  • RAM
    16GB
  • GPU
    EVGA RTX 2080 Ti Black
  • Case
    Corsair 570x
  • Storage
    480gb SSD
  • PSU
    Thermaltake Smart M 650W 80+ Bronze
  • Display(s)
    27 inch Dell S2716DG
  • Cooling
    Wraith Prism
  • Keyboard
    Razer Huntsman
  • Mouse
    Corsair M65 pro
  • Sound
    Beyerdynamic dt770
  • Operating System
    Windows 10

 

Link to post
Share on other sites
On 2/13/2019 at 9:49 AM, 1kv said:

That's why the industry standard changed after she won the lawsuit.

On 2/13/2019 at 9:15 AM, fasauceome said:

the industry was forced to change.

The industry didn't change beyond a miniscule warning label.


Seagull eat fish. But fish belong to Mafia. Mafia punch seagull for not respecting Mafia. Seagull say "No, please! I have child!"

Mafia punch seagull with child.

 

 

 

 

 

 

 

 

Pyo.

Link to post
Share on other sites
5 minutes ago, Drak3 said:

The industry didn't change beyond a miniscule warning label.

except coffee temperature


I WILL find your ITX build thread, and I WILL recommend the SIlverstone Sugo SG13B

 

Primary PC:

i7 8086k (won) - EVGA Z370 Classified K - G.Kill Trident Z RGB - Force MP500 - Jedi Order Titan Xp - The venerated Hyper 212 Evo (with RGB Riing flair) - EVGA G2 650W - Black and green theme, Razer branwashed me.

Draws 400 watts under max load, for reference.

 

Linux Proliant ML150 G6:

Xeon X5560 - 24GB ECC DDR3 - MSI GTX 650 - some 7200RPM SATA II thing - Ubuntu (at the moment)

 

Feel free to critique my website. I am but a young entrepreneur.

Link to post
Share on other sites
Just now, fasauceome said:

except coffee tempetrature

No, the industry standard is still 130-185. And McDonalds dropped from 190 to 185, still hot enough to cause 3rd degree burns.

 

The lawsuit didn't change jack shit.


Seagull eat fish. But fish belong to Mafia. Mafia punch seagull for not respecting Mafia. Seagull say "No, please! I have child!"

Mafia punch seagull with child.

 

 

 

 

 

 

 

 

Pyo.

Link to post
Share on other sites
19 minutes ago, Drak3 said:

No, the industry standard is still 130-185. And McDonalds dropped from 190 to 185, still hot enough to cause 3rd degree burns.

 

The lawsuit didn't change jack shit.

130 is a hell of a lot safer than 185, the standard before the lawsuit was above 170.


I WILL find your ITX build thread, and I WILL recommend the SIlverstone Sugo SG13B

 

Primary PC:

i7 8086k (won) - EVGA Z370 Classified K - G.Kill Trident Z RGB - Force MP500 - Jedi Order Titan Xp - The venerated Hyper 212 Evo (with RGB Riing flair) - EVGA G2 650W - Black and green theme, Razer branwashed me.

Draws 400 watts under max load, for reference.

 

Linux Proliant ML150 G6:

Xeon X5560 - 24GB ECC DDR3 - MSI GTX 650 - some 7200RPM SATA II thing - Ubuntu (at the moment)

 

Feel free to critique my website. I am but a young entrepreneur.

Link to post
Share on other sites
Just now, fasauceome said:

130 is a hell of a lot safer than 185, the standard before the lawsuit was above 170.

The standard before the lawsuit was 130-185. The standard after was 130-185. The standard did not change.


Seagull eat fish. But fish belong to Mafia. Mafia punch seagull for not respecting Mafia. Seagull say "No, please! I have child!"

Mafia punch seagull with child.

 

 

 

 

 

 

 

 

Pyo.

Link to post
Share on other sites
On 2/13/2019 at 12:08 AM, S w a t s o n said:

Seems about par for the course with a typical Apple user, lmfao

?


DISCLAIMER: ANYTHING I SAY COULD BE WRONG. DO YOUR OWN RESEARCH! 

Have a look at my set up your linux gaming pc from start to finish topic if you want to get started with linux :) 

My laptop: MacBook Pro 15" Late 2011 (dGPU disabled): I7 2675QM | HD3000 | 1TB SSD | 16GB RAM | macOS

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×