Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After Two Weeks

When signing into a replacement iPhone:

When singing into iCloud on a new/different device, have your iPhone handy.

 

In my case and with most cases, when a phone is replaced, they erase your old device and then take it in. by that time you have lost the ability to get the code onto that device.

 

your apple id is not the secret - the password is

all apple ids are known by default - only the passwords are not - or let me be precise the combination of id with password ist not.

so whats your point?

--- Post Merged, Feb 10, 2019 ---

its all but easy and its not apple style

it should work, if i press "yes" than thats it, not entering a 6 digit code manually somewhere - thats the opposite of secure its terrible!

 

I honestly don’t know how some people make it through life. Your iPhone is your “most beloved product”. Yet, you have no idea what your APPLE ID is to your APPLE iPhone, don’t know the password and don’t have a clue if your information is saved.

I really do wish people would take more responsibility.

As for 2 Factor, it has been totally fine for me. Pretty weird that it can’t be turned off later though.

 

Let’s just agree to move these people to Android.. all in favor say “I”

People amaze me sometimes..

 

Harsh

 

I disabled 2FA because I don't want to be signed into iCloud and you can't use 2FA without being signed in. Apple/iCloud is just too intransparent about what it is acutally syncing. Even if I turn off all iCloud features except Find my iPhone, some data like call logs and other preferences will still be synced with Apple servers. Therefore I turn it off completely and only use my Apple ID to sign into the App Store.

If there was enrypted iCloud syncing with keys in my possesion, or much more granular syncing settings, I would probably turn it on again.

 

I see this response too often. Your Apple ID is signed into iCloud in system preferences. Therefore your Mac is a trusted device. So when signing into iCloud.com through a web browser your 2FA authentication code is sent via push notification to all trusted devices. If you were not signed into iCloud in system preferences the code would not go to that machine. The browser session is what’s not trusted yet. But the machine itself is a trusted device. Assuming a bad actor did get into your machine there is no point for them to even go into iCloud.com they already have access to a trusted device. They can see pictures contacts calendars etc. without ever needing to log in to iCloud.com through a browser. The only reason I go to icloud.com on my computer is to set email rules. I can’t think of many reasons you’d need to go to iCloud.com on a trusted device when all that information is already on the device itself.

 

FINALLY someone gets it. If someone that shouldn’t be is trying to get into your iCloud account via the website from your unlocked trusted device you have bigger problems than that code going to that device.

 

Find iPhone
Find Friends
Pages (web version)
Numbers (web version)
keynote (web version)

 

Planned obsolescence is part of any tech companies products. But what other company supports devices as long as Apple? The 5s is still supported. Most flagship androids get maybe 2 years of updates? Also I can’t say for sure because I don’t have a 2nd gen Apple TV, but after entering the password once doesn’t it prompt you to sign in again but to add the 6 digit code to the end of the password? That’s how it works on macs that aren’t updated for the 2FA interface.

--- Post Merged, Feb 11, 2019 at 2:04 AM ---

That is what the trusted phone number is for. When prompted to enter code tap “didn’t get code” and then “text code to phone number” code will fill in automatically if that number is active on the device that your signing into.

 

Yeah, that's funny. I don't care about Apple, for sure. (1) Apple is not "everyone" (2) to read smth is only beginning. The other part is to comprehend what you've read. See my point?

--- Post Merged, Feb 11, 2019 at 2:20 AM ---

Why do you defend corporations and call their customers idiots? I wonder what kind of human being assumes such arrogance to call other people idiots. Most likely those looking at themselves in the mirror.
Didn't occur once in a while that it is corporations that are idiots? Reality abounds.

 

Your personal choice is to use the software or not. Apple owns the software, you do not. It is their choice on the security they require. Would a choice be nice? Yes, but Apple is not legally required to.

 

2FA should be mandatory. On everything.

 

Actually people do. I have it set up on every account I can. Apples system isn’t much different than the text/Authenticator app system that can be set up with google/amazon/etc. Banks require it for log in. No other companies are getting sued for this though.

 

You can have the code texted to the trusted number on your account as well.

--- Post Merged, Feb 11, 2019 at 2:39 AM ---

Banks require it for login and that’s the same reason Apple requires it to use certain features. They are legally required to provide that level of security to use them.

--- Post Merged, Feb 11, 2019 at 2:42 AM ---

A

And if they have both the device and your password well then 1. You gave someone to much info or 2. You need to keep up with your stuff

 

It’s not security theatre. It is more secure. As long as you have a device passcode and texts don’t show previews on the lock screen no one should be able to gain access to the trusted device but you.

--- Post Merged, Feb 11, 2019 at 2:55 AM ---

You can get rid of the badge. Once the 2 factor set up screen comes up choose don’t upgrade security. You basically have to say no twice for the badge to go away.

 

A person should have the option whether to use 2FA or not for whatever their reasoning may be. There are other business/agency that gives the user the option to choose 2FA, however, I would recommend it being used.

 

I have it set up on every service that supports said feature. Wish more did...

 

Why the heck do they make these new fangled phones so light? Used to be when a robber tried to mug me I could throw my phone at him and knock him out. I throw my phone at him now, he catches and says "thanks gramps."

 

It's 6 digits.. no rocket science. It maybe takes 5 - 10 seconds.
And what are you guys doing? How many times a day do you actually have to authenticate yourself via 2 factor authentication? I have several macs + iPhone for work and personal use and I have to type in those digits maybe once a month.

Also to access 'Find my iPhone' (or Mac) on your iPhone you just need the password if the session is expired and you want to log in again.
the same goes for iCloud.com if you just want to use 'Find my iPhone'. No 2 factor authentication needed.

I read somewhere the digits are hardly noticeable because they disappear too fast, I just checked it. First you'll be informed that someone tries to access your account and you have to allow it (This notification will show up on all your trusted devices).
If you hit 'Allow' the notification disappears on all devices (it remains on a locked iPhone until you unlock it) but the one you used to allow the access. Immediately afterwards the 6 digits show up on that very device and you have all the time in the world to read the digits. They don't disappear until you press 'Done'.
It takes more time to type in my apple ID + password then the verification afterwards.

 

This is why we need tort reform. Baseless case over a valuable feature. This is like suing your landlord for not allowing you to remove the locks from your apartment door.

 

Totally valid suit IMO. Why 2 weeks, seems totally arbitrary. I hope the suit wins. 2FA is a huge PITA. Those that want it great, but personal choice should outweigh all.

 

Shame on this writer for calling this frivolous (let us form our own opinions, rather than telling us what to do and think as Apple does) , and... what a mean crowd. It's not about security, it's about choice and being in control of our devices instead of being dictated to. Shame on Apple.

 

Thanks