Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After Two Weeks

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Feb 9, 2019.

  1. 4jasontv macrumors 65816

    Joined:
    Jul 31, 2011
    #376
    I hear this a lot, but despite what the customer agreement says, I’m not sure it’s ever been tested in court. Precedent was set by the music industry, but this isn’t music, and they never claimed the right to modify the content with or without user permission.

    If the customer wins suddenly there becomes a question if Apple can ever remove any feature. The only way anyone wins here is if Apple can understand why people want to turn it off. Or at least let customers disable notifications without completing the task.
     
  2. flygbuss macrumors 6502

    flygbuss

    Joined:
    Jul 22, 2018
    Location:
    Stockholm, Sweden
    #377
    Oh boy.. this gets better and better. Have you read the article? Do you know what the 2 factor authentication is being used for? It’s connected to your iCloud account and not to your device.
    And you actually HAVE a choice for crying out loud.
     
  3. 31 Flavas macrumors 6502

    Joined:
    Jun 4, 2011
    #378
    Also doesn't appear on any other computer or device anywhere else in the world. So someone trying to remotely login to your account needs your trusted device.

    This is what you’re really protecting against. Remote logins.
     
  4. zarmanto macrumors regular

    zarmanto

    Joined:
    Feb 3, 2014
    Location:
    Around the corner from the 7/11
    #379
    I don't know who he think's he's actually going to convince with that line of reasoning, because it's a simple matter to debunk this particular claim: if events had actually transpired as he describes, I'm pretty sure I wouldn't still be harassing my wife to enable 2-fac on her account!
     
  5. Ladybug macrumors 68000

    Ladybug

    Joined:
    Apr 13, 2006
    #380
    I think a compromise might be to allow a user to turn it off at any later date, that seems sensible to me.
     
  6. nt5672 macrumors 68000

    Joined:
    Jun 30, 2007
    #381
    Nope, getting into my phone should not be giving people access to my accounts and information. That IS the whole purpose of 2 factor authentication. Duh! Unless of course a company like Apple eviscerates the functionality because they only care about perception.

    So in your example, getting into the home should give everyone access to the safe inside the home. That makes sense.
    --- Post Merged, Feb 11, 2019 at 6:29 AM ---
    The point being that I should be able to turn it on or off at will. BTW you should try to turning it off sometime, it is a nightmare of resetting accounts, resetting devices, logging out, logging in, etc. Apple clearly does not expect it to be turned off. Also note below from Apple support documents, the word required.

    From https://support.apple.com/en-us/HT207198
     
  7. chabig macrumors 603

    Joined:
    Sep 6, 2002
    #382
    Follow Apple's instructions: https://support.apple.com/en-us/HT204915

    "You should also consider verifying an additional phone number you can access, such as a home phone, or a number used by a family member or close friend. You can use this number if you temporarily can't access your primary number or your own devices."
     
  8. cmaier macrumors G4

    Joined:
    Jul 25, 2007
    Location:
    California
    #383
    Lol. It’s been tested a hundred times in court.
    --- Post Merged, Feb 11, 2019 at 7:07 AM ---
    That’s what the criminal hackers are hoping for.
     
  9. 4jasontv macrumors 65816

    Joined:
    Jul 31, 2011
    #384
    Great. Provide a few. Cause the only ones I have seen revolve around giving customers the right to first doctrine sale. Of course that goes against the idea that they are only licensing the software.
     
  10. Taipan macrumors 6502

    Joined:
    Jun 23, 2003
    #385
    I don’t call their customers idiots in general, only those that do idiotic things like ridiculous lawsuits instead of using their brains.
     
  11. 31 Flavas macrumors 6502

    Joined:
    Jun 4, 2011
    #386
    No it isn't. In your ‘online situation’ you’re forgetting something - your account number. Whether its your email address, a username, or a literal account number - it’s the clear text or publicly know portion. In Donald Rumsfeld parlance this would be a ‘known known’ and therefor is not a “factor” in the equation.

    If you want to get technical - Yes, the ‘plastic’ card is “a thing you have” but since it’s static information its captureable like a password. Therefore it only something you need to know. So the reality is you are using two of the same ‘factor’. With one of your ‘factors’ being known information.

    It’s one factor authetication.
     
  12. maverick28 macrumors regular

    Joined:
    Mar 14, 2014
    #387
    That's the same thing. "Ridiculous", "idiots", "use their brains" are subjective qualitative adjectives and definitions that have a neutral contributing value and a weak evidential effect.
     
  13. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #388
    What does that have to do with what was brought up in the quoted post?
     
  14. flygbuss macrumors 6502

    flygbuss

    Joined:
    Jul 22, 2018
    Location:
    Stockholm, Sweden
    #389
    See the quotes below.

    It seems that some people here are complaining about 2 factor authentication without much knowledge how it actually works. I do understand that not everyone finds it necessary, though I think this is something you can figure out within two weeks (and turn it off if you don't like it). Could they provide this possibility for good? Of course!
    Do I have to sue because they don't?
    I don't think so. All you get is a more secure online service even if it feels inconvenient to some.
    The device you bought from apple is not directly affected and remains the same (you can call, write, surf, take pictures etc.) It's not that you need 2 factor authentication to unlock your phone.

     
  15. 2010mini macrumors 68040

    Joined:
    Jun 19, 2013
    #390
    Sorry, should’ve use the: /sarcasm at the end of my post.
     
  16. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #391
    And that still doesn't deal with the simplicity of being to enable or disable an option that affects you and is really up to you. (Or that reporting news is different that writing an opinion piece.)
     
  17. jdmachogg macrumors member

    Joined:
    Sep 15, 2008
    Location:
    Mount Maunganui, New Zealand
    #392
    Lo I would barely consider 2FA 'tough', nor compare it to driving safely :D

    Its barely even a nuisance, and totally worth it for the extra security.
     
  18. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #393
    So is a passcode or Touch ID or Face ID, and yet the user is allowed to enable or disable those as desired.
     
  19. gavroche macrumors 65816

    gavroche

    Joined:
    Oct 25, 2007
    Location:
    Left Coast
    #394

    he was correct.. and nowhere did he mention account number as one of the factors. account number, like Apple ID, would be useless in trying to withdraw money. If you were correct in saying that password and physical card were the same thing.. and this only one factor, you would only need one to gain access. good luck withdrawing money from any bank atm with just the code... or just the card.. see how far you get with that.
     
  20. Zwhaler macrumors 604

    Zwhaler

    Joined:
    Jun 10, 2006
    #395
    That's true, which is why I don't blame them for doing it. I was just stating the unintended consequences of 2FA in my particular case. Yes, I'd still rather have it off.
     
  21. gavroche macrumors 65816

    gavroche

    Joined:
    Oct 25, 2007
    Location:
    Left Coast
    #396
    Fair enough. I think the irony is that the reason many companies are starting to use 2FA is because the responsibility to keep accounts secure, and that they can and do get sued for breaches. So a lawsuit here just exasperates the problem.. kind of proving their point.
     
  22. flygbuss macrumors 6502

    flygbuss

    Joined:
    Jul 22, 2018
    Location:
    Stockholm, Sweden
    #397
    You can disable it within 14 days. iCloud and the connected services are free unless you need more then 5GB of storage.
    This service runs through apple servers and they are responsible for the provided security.
    IMO they can dictate the rules of such service and it's access.
    They don't charge you extra, they don't ask for any additional personal information.
    I really can't see any resulting downside besides you're old and / or unable to cope with too much technology.
    That's why my grandparents disabled it for now. Their iMac and iPhones still work flawlessly.
     
  23. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #398
    Which doesn't change any of what was brought up. What's the issue with being able to disable it beyond those initial two weeks? Apple deciding that's the way is certainly a response, but that doesn't mean that the approach can't be questioned or that it all can't (or perhaps even shouldn't) be different/better just because that's how it's been decided.
     
  24. 31 Flavas, Feb 11, 2019 at 12:46 PM
    Last edited: Feb 11, 2019 at 1:18 PM

    31 Flavas macrumors 6502

    Joined:
    Jun 4, 2011
    #399
    AussieSimon, the individual i responded to stated there are two factors at an ATM. #1 The plastic card. #2 the PIN code for that card.

    AussieSimon was mistaken on that account. Just because you have to present the username or account number on "a plastic card" (something you have) does not make it serve as a factor.

    This would be like arguing that the prox card that you maybe use at work to open doors is "1-factor" authentication on the basis of "it's something you have". No it isn't. Because anyone can use it (or steal it) and gain access. It's identity only. 0-factor.

    The ATM is only reading identity info off the mag stripe on the card - The account number. But, go ahead, if you want to argue semantics that AussieSimon didn't literally say "account number is a factor" that's fine. But, that's what the ATM card represents, your bank account number. They were representing that the ATM card counts as a factor.

    Correct.

    That ATM card, its mag stripe data, account usernames, or account numbers are useless on their own for account withdraws or logging into a website or ordering something. Why? Because the identity that they provide is protected by (typically) 1 factor of authentication. Needing to know the PIN for the account at the bank. Or the password for the website login or order purchase.
    --- Post Merged, Feb 11, 2019 at 1:13 PM ---
    Looking back though - I can see now how what I wrote was confusing though. I could have written that better. My apologies.
     
  25. flygbuss macrumors 6502

    flygbuss

    Joined:
    Jul 22, 2018
    Location:
    Stockholm, Sweden
    #400
    Agreed. Of course apple's decision can be questioned. Some people in this thread brought up that it might be relevant for future features or ambitions in raising the security level on apple's side in general.
    I just don't think that a law suit is a reasonable response to that decision even if one doesn't agree.
    (Their House / Service - Their rules).
    Also some people seemed to twist the facts here about the feature itself.
     

Share This Page