Apple’s legal troubles continue to rage on, as the company faces a new class action lawsuit, this time, regarding its two-factor authentication practice. A man from California by the name of Jay Brodsky is taking Apple to court over the way Apple has implemented two-factor authentication for Apple devices and services. Brodsky's complaint claims that Apple did not make it clear in its documentation that two-factor authentication could not be disabled after 14 days of use. The complaint further goes on to state:
“Two-factor authentication imposes an extraneous logging in procedure that requires a user to both (i) remember password; and (ii) have access to a trusted device or trusted phone number to receive an additional six-digit code that needs to be entered at the time of logging in addition to the user set password. A user does not have an option to disable such doubled up security measures and is stuck with wasting time to log on to his own device. Two-factor authentication requires additional steps to access any third-party apps or services requiring passwords. Two-factor authentication is required each time you turn on a device.”
In essence, Brodsky’s complaint rests on the fact that Apple did not make it clear in its sign-up email that two-factor authentication could not be disabled after 14 days, and that having the feature enabled results in users taking extra time to log into their device or service of choice. Further, his complaint says “Apple does not get user consent to enable two-factor authentication. Apple does not get user consent to then remove the option forever to disable two-factor authentication, once it is enabled. An email with a long paragraph thanking the user and highlighting the good features of two-factor authentication followed by a simple single last line in an email saying that the link will expire on a given date is insufficient to put the user on notice of his options and make an informed decision as to whether to click the link to disable it.”
Two-Factor authentication is a login security measure that has been implemented by most popular services including Google, Facebook and Apple. Two-factor authentication prevents fraudulent logins by unsavoury parties by sending a log-in prompt to a pre-authorized device, or by sending an additional code to said device which is required to be entered while logging in. This adds an additional step to the login process but does ensure, to a great degree, the security of an account. You can read the full complaint here.