When signing into a replacement iPhone:
When singing into iCloud on a new/different device, have your iPhone handy.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After Two Weeks
- Thread starter MacRumors
- Start date
- Sort by reaction score
When signing into a replacement iPhone:
When singing into iCloud on a new/different device, have your iPhone handy.
In my case and with most cases, when a phone is replaced, they erase your old device and then take it in. by that time you have lost the ability to get the code onto that device.
your apple id is not the secret - the password is
all apple ids are known by default - only the passwords are not - or let me be precise the combination of id with password ist not.
so whats your point?
[doublepost=1549870151][/doublepost]
its all but easy and its not apple style
it should work, if i press "yes" than thats it, not entering a 6 digit code manually somewhere - thats the opposite of secure its terrible!
I honestly don’t know how some people make it through life. Your iPhone is your “most beloved product”. Yet, you have no idea what your APPLE ID is to your APPLE iPhone, don’t know the password and don’t have a clue if your information is saved.
I really do wish people would take more responsibility.
As for 2 Factor, it has been totally fine for me. Pretty weird that it can’t be turned off later though.
I really do wish people would take more responsibility.
As for 2 Factor, it has been totally fine for me. Pretty weird that it can’t be turned off later though.
Let’s just agree to move these people to Android.. all in favor say “I”
New York resident Jay Brodsky has filed a frivolous class action lawsuit against Apple, alleging that the company's so-called "coercive" policy of not letting customers disable two-factor authentication beyond a two-week grace period is both inconvenient and violates a variety of California laws.
The complaint alleges that Brodsky "and millions of similarly situated consumers across the nation have been and continue to suffer harm" and "economic losses" as a result of Apple's "interference with the use of their personal devices and waste of their personal time in using additional time for simple logging in."
In a support document, Apple says it prevents customers from turning off two-factor authentication after two weeks because "certain features in the latest versions of iOS and macOS require this extra level of security":The complaint is riddled with questionable allegations, however, including that Apple released a software update around September 2015 that enabled two-factor authentication on Brodsky's Apple ID without his knowledge or consent. Apple in fact offers two-factor authentication on an opt-in basis.
Brodsky also claims that two-factor authentication is required each time you turn on an Apple device, which is false, and claims the security layer adds an additional two to five minutes or longer to the login process when it in fact only takes seconds to enter a verification code from a trusted device.
The complaint goes on to allege that Apple's confirmation email for two-factor authentication enrollment containing a "single last line" alerting customers that they have a two-week period to disable the security layer is "insufficient."
Brodsky accuses Apple of violating the U.S. Computer Fraud and Abuse Act, California's Invasion of Privacy Act, and other laws. He, on behalf of others similarly situated, is seeking monetary damages as well as a ruling that prevents Apple from "not allowing a user to choose its own logging and security procedure." Read the full document.
Article Link: Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After Two Weeks
People amaze me sometimes..
Last edited by a moderator:
I disabled 2FA because I don't want to be signed into iCloud and you can't use 2FA without being signed in. Apple/iCloud is just too intransparent about what it is acutally syncing. Even if I turn off all iCloud features except Find my iPhone, some data like call logs and other preferences will still be synced with Apple servers. Therefore I turn it off completely and only use my Apple ID to sign into the App Store.
If there was enrypted iCloud syncing with keys in my possesion, or much more granular syncing settings, I would probably turn it on again.
If there was enrypted iCloud syncing with keys in my possesion, or much more granular syncing settings, I would probably turn it on again.
I see this response too often. Your Apple ID is signed into iCloud in system preferences. Therefore your Mac is a trusted device. So when signing into iCloud.com through a web browser your 2FA authentication code is sent via push notification to all trusted devices. If you were not signed into iCloud in system preferences the code would not go to that machine. The browser session is what’s not trusted yet. But the machine itself is a trusted device. Assuming a bad actor did get into your machine there is no point for them to even go into iCloud.com they already have access to a trusted device. They can see pictures contacts calendars etc. without ever needing to log in to iCloud.com through a browser. The only reason I go to icloud.com on my computer is to set email rules. I can’t think of many reasons you’d need to go to iCloud.com on a trusted device when all that information is already on the device itself.
FINALLY someone gets it. If someone that shouldn’t be is trying to get into your iCloud account via the website from your unlocked trusted device you have bigger problems than that code going to that device.
Find iPhone
Find Friends
Pages (web version)
Numbers (web version)
keynote (web version)
Planned obsolescence is part of any tech companies products. But what other company supports devices as long as Apple? The 5s is still supported. Most flagship androids get maybe 2 years of updates? Also I can’t say for sure because I don’t have a 2nd gen Apple TV, but after entering the password once doesn’t it prompt you to sign in again but to add the 6 digit code to the end of the password? That’s how it works on macs that aren’t updated for the 2FA interface.
[doublepost=1549879470][/doublepost]
That is what the trusted phone number is for. When prompted to enter code tap “didn’t get code” and then “text code to phone number” code will fill in automatically if that number is active on the device that your signing into.
Yeah, that's funny. I don't care about Apple, for sure. (1) Apple is not "everyone" (2) to read smth is only beginning. The other part is to comprehend what you've read. See my point?So funny how you just got done saying how you don't care about anyone but yourself, then criticize him for being condescending....
[doublepost=1549880433][/doublepost]
Why do you defend corporations and call their customers idiots? I wonder what kind of human being assumes such arrogance to call other people idiots. Most likely those looking at themselves in the mirror.
Didn't occur once in a while that it is corporations that are idiots? Reality abounds.
Your personal choice is to use the software or not. Apple owns the software, you do not. It is their choice on the security they require. Would a choice be nice? Yes, but Apple is not legally required to.
Actually people do. I have it set up on every account I can. Apples system isn’t much different than the text/Authenticator app system that can be set up with google/amazon/etc. Banks require it for log in. No other companies are getting sued for this though.
You can have the code texted to the trusted number on your account as well.
[doublepost=1549881569][/doublepost]
Banks require it for login and that’s the same reason Apple requires it to use certain features. They are legally required to provide that level of security to use them.
[doublepost=1549881725][/doublepost]A
And if they have both the device and your password well then 1. You gave someone to much info or 2. You need to keep up with your stuff
It’s not security theatre. It is more secure. As long as you have a device passcode and texts don’t show previews on the lock screen no one should be able to gain access to the trusted device but you.
[doublepost=1549882532][/doublepost]
You can get rid of the badge. Once the 2 factor set up screen comes up choose don’t upgrade security. You basically have to say no twice for the badge to go away.
A person should have the option whether to use 2FA or not for whatever their reasoning may be. There are other business/agency that gives the user the option to choose 2FA, however, I would recommend it being used.
Why the heck do they make these new fangled phones so light? Used to be when a robber tried to mug me I could throw my phone at him and knock him out. I throw my phone at him now, he catches and says "thanks gramps."
It's 6 digits.. no rocket science. It maybe takes 5 - 10 seconds.
And what are you guys doing? How many times a day do you actually have to authenticate yourself via 2 factor authentication? I have several macs + iPhone for work and personal use and I have to type in those digits maybe once a month.
Also to access 'Find my iPhone' (or Mac) on your iPhone you just need the password if the session is expired and you want to log in again.
the same goes for iCloud.com if you just want to use 'Find my iPhone'. No 2 factor authentication needed.
I read somewhere the digits are hardly noticeable because they disappear too fast, I just checked it. First you'll be informed that someone tries to access your account and you have to allow it (This notification will show up on all your trusted devices).
If you hit 'Allow' the notification disappears on all devices (it remains on a locked iPhone until you unlock it) but the one you used to allow the access. Immediately afterwards the 6 digits show up on that very device and you have all the time in the world to read the digits. They don't disappear until you press 'Done'.
It takes more time to type in my apple ID + password then the verification afterwards.
This is why we need tort reform. Baseless case over a valuable feature. This is like suing your landlord for not allowing you to remove the locks from your apartment door.
Shame on this writer for calling this frivolous (let us form our own opinions, rather than telling us what to do and think as Apple does) , and... what a mean crowd. It's not about security, it's about choice and being in control of our devices instead of being dictated to. Shame on Apple.