This. I only get the notice if I sign in to a new device or iCloud.com, and I rarely do the latter. People that constantly get 2FA multiple times a day need to describe further what they are doing.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After Two Weeks
- Thread starter MacRumors
- Start date
- Sort by reaction score
I don't think my question was clear. I am trying to say, why are they asking you to input a code that they are displaying on the same screen they are asking you to put the code in? Why can it not just recognize you are on the trusted device and not ask you to type a code they are putting right in front of your face on the same device?
[doublepost=1549852299][/doublepost]
That does not make much sense to me, but okay.
Why is your phone in another room, and not with you when at work? You know you’re going to need it for MFA when going to iCloud. You know why the security is there. I didn’t like it either but I adapted. If you don’t have any bit of personal or sensitive data on your iPhone or in iCloud then I’d understand your point yet it doesn’t mean you will never have such data in the future.
Last edited by a moderator:
If someone guesses the password and two stage security wasn’t used, then that person may lose ownership of his or her device as Apple ID is linked to that device.
Like leaving your door locked but a window open as you leave the keys in the house and so somebody comes along hops in closes the window takes the keys leave the house locked with your keys and window closed, they have access you don’t
I’ll give you a non-Apple example. I have two gaming PCs. One at my desk which is my main gaming computer and another in the living room that is VR and social gaming. The uPlay store (for Ubisoft games) won’t let you be logged into your account by two machines at the same time even if they are on the same network. Every time I boot up the other one I have to go through two factor. It remembers who I am, but it won’t let me access my content until I do their tedious extra step.
So that’s one reason two factor can be annoying.
As far as Apple goes, I frequently access iCloud from a university machine. Problem is, every time you boot into a machine the settings are reset, even if you have used that physical machine before. There is no way for me to tell my device or iCloud to remember the machine because every time you log in the machine is effectively a new computer. I wish I could have two icloud accounts on my Mac so I could toss important to secure stuff on one and temporarily need access stuff on another.
It is definitely annoying to have to keep your phone on you all the time, and the fact that you need a new apple ID to turn it off, losing all the things you "bought."
This doesn’t work because Apple collected enough private data when I signed up to verify me and evict the squatter in my home. If it was annonomous it would work, but it’s not.
Adding the code to the end of the password is a thing on devices that do not support two factor (I believe must be Mavericks or newer to support, but that may have changed). What OS are you on?
Probably deleting cookies all the time cause that's what privacy nuts tell them.
What a stupid man. He would be the first one suing if his account were compromised. Apple’s lawyers should counter sue him for wasting their time.
I wish we could disable that stuff. Sure it's more secure but I have nothing to hide with my apple ID and I use refillable credit cards with only $10 at a time on there for purchases so if anyone ever stole my password, they would literally do NO damage to me at all. Oh yeah, I have no data up there either in terms of pictures etc...
Also, Apple told me that if you ever forget your info to fix your password once you've enabled 2FA then you are stuck and they can't help you. If you DON'T enable it, they can reset the password for you. That prompt is also VERY deceptive on these devices and if you don't pay attention to what you're doing. I plan to call again to confirm this is true but if anyone can confirm this for me, then thanks.
So bottom line, we as users should retain the decision to be secure or not. We are slowly losing control of everything here folks and if you don't realize that, then you are part of the problem.
Also, Apple told me that if you ever forget your info to fix your password once you've enabled 2FA then you are stuck and they can't help you. If you DON'T enable it, they can reset the password for you. That prompt is also VERY deceptive on these devices and if you don't pay attention to what you're doing. I plan to call again to confirm this is true but if anyone can confirm this for me, then thanks.
So bottom line, we as users should retain the decision to be secure or not. We are slowly losing control of everything here folks and if you don't realize that, then you are part of the problem.
While I find the lawsuit suspect, if a user wants to discontinue use of two factor let them. It's not as if the world is going to end if they don't use it.
iforgot.apple.com can reset your password once you verify your identity, first by birthdate, then through security questions or access to a trusted device. Apple Support article HT201487 explains this process.
If that does not work, you can borrow anybody's iOS device, open the Find My Device app, type in the Apple ID, then you'll have to go through deep recovery (Apple Support article HT204921). In order to successfully do this you have to have your credit card that's on file with your Apple ID and enter the information to expedite the verification process, otherwise it may take up to 14 business days to verify your identity and they will send a reset password link to the email address on file.
Otherwise, you'll have to create a new Apple ID if verification fails behind the scenes or if you don't have access to that email anymore, if your Apple ID is an email that you've gotten rid of.
Pretty serious security procedure, but you can reset your password.
As for your line, "we as users should retain the decision to be secure or not," the answer is no, we should not once agreed to. This would take a tremendous amount of resources (for those that don't know what goes into database administration). It isn't magic, folks.
We all agreed to very clear, concise, and well disclosed End User License Agreements. Always remember that with these (and any) devices with proprietary software, you own the hardware. You DO NOT own the software or any of its contents (including purchased music, applications, books, services) outside of communications and self-made media such as photos you've taken. You are licensed to operate your phone, under the Terms and Conditions you agreed to. Apple can revoke anybody's license at any time.
Last edited:
While what you say is true on the term "user management", my apple id is locked to my US Number which is on google hangouts which were when I ported. I travel and change countries due to my job so hence I leave the US Number running. Now that hangouts is essentially blocked in the country I am, I'd have to connect via VPN to get the code that is sent on the US Number. If you select the Email, they will ask you a few questions and then you get a message, someone will contact you shortly and no one does. I still say Dual Factor is important but it's up to the user to decide and shouldn't be Apple.
In the same coin, it's up to the user to decide the firmware to stay on. Shouldn't be enforced by Apple.
What's the problem with giving people an option to enable or disable it? Seems rather rational.And we all know if they chose to disable it someone else would file a lawsuit saying Apple isn't concerned about security or privacy anymore.
Exactly. How is this worthy of a lawsuit and not a feature request? Does this mean I can sui Microsoft for getting rid of the Windows 7 style start menu and not giving me a choice? This is just absolutely ridiculous.
"...but it's up to the user to decide and shouldn't be Apple"
You did decide, and on your own free will, and as an end user, you've submitted to Apple's EULA and all details relevant to said agreement.
You should simply change your trusted phone number, then. Your Apple ID logged into iOS makes your iPhone your trusted device, and does not need the phone number to relay a 2FA code. It is transmitted via encrypted data packets to your signed-in, known good device.
I don't know what you mean by having the, "firmware stay on." Firmware is an embedded software controller separate from the operating system for functions limited to the control and resource management of the devices internal hardware components and allows the operating system to gain access to and control said internal components.
Last edited:
Yeah this is just so ridiculous. Can I sue a local data center because they force a card, pin and finger print to enter the building?
It’s my personal choice to, if I don’t bring others in jeopardy, to make my own decisions and be able to use possible interesting things for which the way is cut off for me because I am not handy enough to use the two factor authentication: someone here said he couldn’t keep up with the loads of too fast disappearing codes and that’s exactly why I turned it off as soon as possible.
By Firmware, I was referring to iOS9,10 and so on. This is because Apple removed the PPTP VPN protocol which is one of the protocols that works for VoIP in this place. I know it's not secure but by Apple forcing out of the IOS versions makes it hard. I remember I had to sell my iPhone 6s plus and open up multiple boxes until I got the ios9 os inside it. waste of $$'s IMO
Huh. What's the "official" way to deal with this? I never stopped to think about it because I have multiple Apple devices, but how do you get an authentication code if you just own (say) one iPhone and nothing else from Apple?