Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After Two Weeks

[Zwhaler]

I guess I'm in the minority here. I think it is ridiculous that Apple won't let people disable 2FA "after two weeks". This would sit better with me if there was a more obvious "off" switch, but it's quite hidden without a Google search on how to find it. For those who think the lawsuit is stupid, let me tell you that 2FA creates big problems when sharing an Apple ID aceross multiple devices in a family. Why should a teenager's iPod Touch have it's own Apple ID when they have permission to make purchases on their parent's account? Are they supposed to have their own credit card and Apple ID at 13 years old? Imagine that when the parent wanted to install an OS update on their MacBook Pro, it sent a 2FA authentication code to the kid's iPod Touch. I made up this scenario, but this was basically my experience except with different devices (iPhones, iPads, Mac Pro, and MacBook Pro) on the same Apple ID.

I remember the iPhone / iPad settings notification deceptively duped me into turning it on in the first place (some services will not be available until you sign into your Apple ID again, or some message like that...) I clicked continue and BOOM it's on and there. There wasn't sufficient disclosure that I was even turning it on! It wanted me to "sign in again" and put in the password twice and it turned it on. The settings page didn't mention what was really going on. I couldn't find an off switch for over a week until I finally searched for it and turned it off with a few days to spare before the two-week limit. It is ridiculous... I couldn't even do something on my Mac Pro without it pinging someone in my family's iPhone for approval because we're on the same Apple ID. Yeah... the first time it did that, I took care of the issue promptly. This isn't a big deal if there's one Mac and one iPhone, but it can get messy from there.

 

[Solomani]

I can only quote Shakespeare…..

 

[MobiusStrip]

What a moron. If anything, users should sue Apple for forcing them to use an E-mail address as their user ID, and refusing to consolidate the resulting multiple Apple accounts that people inadvertently set up. The lay user can easily then lose apps or other content that they've purchased with old Apple IDs, when their E-mail address changes (with a job, ISP switch, whatever). The stupidity of using an E-mail address as a user ID is neatly summed up here: https://goldmanosi.blogspot.com/2012/06/forcing-people-to-use-e-mail-address-as.html

 

[MORGiON666]

I really dont understand how people have so much trouble with 2FA. We have it on for all the family accounts, have gone through device upgrades and broken devices no trouble. Very rarely do we actually get a 2FA prompt with everyday use.

Security is an inconvenience?? I should be able to weaken my security??? Really people think about what you are saying!

 

[pika2000]

I guess I'm in the minority here. I think it is ridiculous that Apple won't let people disable 2FA "after two weeks". This would sit better with me if there was a more obvious "off" switch, but it's quite hidden without a Google search on how to find it. For those who think the lawsuit is stupid, let me tell you that 2FA creates big problems when sharing an Apple ID aceross multiple devices in a family. Why should a teenager's iPod Touch have it's own Apple ID when they have permission to make purchases on their parent's account? Are they supposed to have their own credit card and Apple ID at 13 years old? Imagine that when the parent wanted to install an OS update on their MacBook Pro, it sent a 2FA authentication code to the kid's iPod Touch. I made up this scenario, but this was basically my experience except with different devices (iPhones, iPads, Mac Pro, and MacBook Pro) on the same Apple ID.

I remember the iPhone / iPad settings notification deceptively duped me into turning it on in the first place (some services will not be available until you sign into your Apple ID again, or some message like that...) I clicked continue and BOOM it's on and there. There wasn't sufficient disclosure that I was even turning it on! It wanted me to "sign in again" and put in the password twice and it turned it on. The settings page didn't mention what was really going on. I couldn't find an off switch for over a week until I finally searched for it and turned it off with a few days to spare before the two-week limit. It is ridiculous... I couldn't even do something on my Mac Pro without it pinging someone in my family's iPhone for approval because we're on the same Apple ID. Yeah... the first time it did that, I took care of the issue promptly. This isn't a big deal if there's one Mac and one iPhone, but it can get messy from there.

Why do you use your Apple ID on someone else’s device? The idea of an Apple ID is yours, for your own devices.

Devices for kids or family members? Just set up Family Sharing with their own accounts.
https://support.apple.com/en-us/HT201084
[doublepost=1549763937][/doublepost]

I really dont understand how people have so much trouble with 2FA. We have it on for all the family accounts, have gone through device upgrades and broken devices no trouble. Very rarely do we actually get a 2FA prompt with everyday use.

Security is an inconvenience?? I should be able to weaken my security??? Really people think about what you are saying!

Because people don’t want to take accountability. But guess what, the moment this guy’s account is hacked, he would be the first one in line suing Apple for not having enough security.

 

[Octoberist]

This lawsuit should be dismissed with fees and costs assessed against the plaintiff.

 

[0388631]

I appreciate the feedback. It’s not always easy to please everyone. I rarely add any opinion to my articles and try to stick to the facts. Had I not used the word “frivoulous” here, though, there likely would have been a handful of comments asking “why is this a story?” This lawsuit contains multiple obviously false allegations.

My goal is to share new information about Apple. So, if they’re named in a lawsuit, regardless of how silly the complaint may be, then I aim to report the news. Perhaps I should stick to ignoring the comments asking why some topics are stories. It’s tough.

Joe, best way to approach is it just write the editorial without any personal opinion. It leaves a professional feel to it, which is what MR is likely after, and avoids MR becoming the TMZ of the Apple-fan world or rather any tech site. Let the members hash it out. They do it regardless of what's written in the editorial.

 

[Justanotherfanboy]

I think this is great, actually.

To be clear, I do think two-factor authentication is much more secure (obviously). But I hate that Apple is so determined to force its users into using it. If someone doesn't want it then they have the right to disable it. Plain and simple. Our devices and accounts should be ours to control.

Lol.
What a silly opinion!
Your Apple ID is “yours”?
Wow. How much did you pay for it?
Oh, nothing? Oh, Apple gave it to you for free? Huh... well, since it’s “yours” you must be storing everything associated with it locally & it would still keep working perfectly, even if Apple ceased to exist, right? Oh, no? Oh, they’re actually performing all the managing of it & storage for you for free, and all you do is choose a password and log in?
Sooooooo.... what again makes you think you should be able to bypass their logical & sensible security policy, created to keep both you (data) & them (reputation) safe?

Despite your assertion; Apple isn’t “forcing” anyone to do anything.
If you use your iPhone sans Apple ID... guess what??
You’ll NEVER be asked to keep it secure.

 

[chabig]

If a lawsuit is "frivolous" it is plainly without merit and technically speaking, the lawyer who brought it could be sanctioned, as it is unethical to file frivolous lawsuits. It's just a really heavy and loaded term.

Calling it a "questionable" filing or saying it was "likely to cause some to question its merits" would have been more appropriate, I think.

The lawyer who drafted this pleading made several factually falsifiable allegations, and ought to be sanctioned for wasting the court's time.

 

[patent10021]

If you are reading this I own real-estate in your mind. I am suing you for trespassing.

 

[mrboult]

Good for them. I HATE the two factor authentication. Certainly had no idea what a can of worms I was opting into whenever I apparently opted for this crap. Not being able to buy and use a new phone without my laptop/ipad on me is a joke!!

 

[trusso]

I feel bad, some people lost an entire 30 seconds of their life entering in a code while setting up their phone. 30 seconds they’ll never get back.

Can I sue this woman for wasting a couple minutes of my “personal time” reading this article and responding?

What woman? The writer is a man and the plaintiff appears to be a man as well.

Even though I have no issue with two-factor authentication, I support this man’s legal right to bring a suit against a company for redress of greivances, regardless of the merits of the case. Moreover, a disinterested observer would have to admit that Apple can be quite pushy and opaque about a great many things.

I appreciate the feedback. It’s not always easy to please everyone. I rarely add any opinion to my articles and try to stick to the facts. Had I not used the word “frivoulous” here, though, there likely would have been a handful of comments asking “why is this a story?” This lawsuit contains multiple obviously false allegations.

My goal is to share new information about Apple. So, if they’re named in a lawsuit, regardless of how silly the complaint may be, then I aim to report the news. Perhaps I should stick to ignoring the comments asking why some topics are stories. It’s tough.

No harm, no foul. I completely understand your line of reasoning, and you can be sure my comments were not personal, nor directed only toward you. I understand the MacRumors team has a lot on their shoulders. And a lot of commenters are full of crap. But the increasing (if subtle) editorializing I see in many news outlets today concerns me, especially because many readers may not recognize it as such. That’s why I piped up.

 

[Zwhaler]

Why do you use your Apple ID on someone else’s device? The idea of an Apple ID is yours, for your own devices.

Devices for kids or family members? Just set up Family Sharing with their own accounts.
https://support.apple.com/en-us/HT201084

I set up the Apple ID before it was called Apple ID, back when I wanted to buy songs on iTunes in the early 2000's. I have had other immediate family members (not children in my case) share the Apple ID, mostly now so it shares songs purchased on iTunes with DRM. Basically Apple invented all of these family ID sharing terms and conditions way after I started using it, and I don't want to change everything around and create all these new Apple IDs because of it. So if 2FA got stuck on, it would ping other devices and cause problems. Yes, I'm not up-to-date on adjusting to Apple's new account practices, but I don't want to. That's why 2FA is a problem here. I'm sure Apple also wants to reduce security breaches by forcing people to slowly migrate over to 2FA, but this was an unintended consequence which I luckily was able to reverse.

 

[Jim]

believe it or not, not everyone has multiple apple devices handy. It''s silly to prevent someone from changing a devices setting because they often change hands within a family. I gave my old iPhone to my mother and it was a pain to get rid of the setting she didn't need. She's 88 and uses the iPhone as ... a phone. Quite a concept.

 

[KPandian1]

Your Apple ID is “yours”?

If you use your iPhone sans Apple ID... guess what?? You’ll NEVER be asked to keep it secure.

Yes, like any email that is generated by a domain that I don't own is mine! Gmail, hotmail - all of them.

How to use the iPhone without an Apple ID if you also want to use the App Store; can it be done?

 

[MORGiON666]

believe it or not, not everyone has multiple apple devices handy. It''s silly to prevent someone from changing a devices setting because they often change hands within a family. I gave my old iPhone to my mother and it was a pain to get rid of the setting she didn't need. She's 88 and uses the iPhone as ... a phone. Quite a concept.

It’s an account setting

 

[Mr. Heckles]

believe it or not, not everyone has multiple apple devices handy. It''s silly to prevent someone from changing a devices setting because they often change hands within a family. I gave my old iPhone to my mother and it was a pain to get rid of the setting she didn't need. She's 88 and uses the iPhone as ... a phone. Quite a concept.

Why do you need multiple devices? My nephew has just an iPhone and zero issues. He has his number and his moms (my sisters) numbers as a back up.

 

[Roger67]

Apple was never known as a user choice company, so this doesn't surprise me.

For the sheepple.

 

[panjandrum]

pathetic!! so people don't want security anymore great

I think the problem is that it's so cumbersome and unhandy that people would rather just not have it. It's an incredible PITA. Think of it this way. Would you want to have to unlock your car, then find another car you happen to also own, in order to be allowed to actually use the first car? I don't think so. Probably you would just start leaving the darn car unlocked in the first place. A security system that's too time-consuming, prone to not-functioning when needed (lost or broken or simply not nearby second device), or not even all that secure anyway (SIM swap scam, anyone? anyone?), isn't really all that useful.

Not saying we don't want and need security, but we've got to figure out a way to make is less of a burden, not just for the sake of our sanity, but so people don't start skipping it altogether because it's too cumbersome for routine use.

 

[likegadgets]

I just helped an elderly person set up an iPhone. This is the only device they have. No computer. They need an apple ID or they cannot download the two apps he needs. I tried to avoid 2 factor and it was impossible. They Apple store put me in touch with support and there was no way to avoid it. This elderly person does not need the extra security - there is nothing in his account. He needs simplicity and be able to recover a forgotten password or login without a second device (security questions are sufficient). He really needs Uber and Postmates - so I will likely return the iPhone and just get him an Android with these two apps - because of the 2 factor. I also got him an iPhone 8. We tested the face recognition. It was too difficult for the elderly user - fingerprint much simpler

 

[shyam09]

Yea, it's such a pain having to remember my PIN too. The ATM should just give me money.

List of things that make life a pain:

Passwords: It should be fine if my password is password. But no, we need numbers, symbols, uppercase, lowercase, etc.

Keys: Why do I have to remember to carry my car keys or my house keys? Other people are going to steal from me. Just lock them up, so I don't have to worry about it.

SSN: My SSN should be simple like 000-00-0000. Instead it's 861-02-20168. Like how am I supposed to remember something so complicated!

Pooping: Like why do I have to waste time pooping? We should just be able to zap it by now.

Rain and Snow: I was going to go for a walk the other day, and it was raining. How do I turn off the rain? I looked everywhere, but there isn't an option!

 

[Glockworkorange]

The lawyer who drafted this pleading made several factually falsifiable allegations, and ought to be sanctioned for wasting the court's time.

Seems like they will have to go through some discovery before we get to that point.

Apple is a very attractive target, but they certainly have the $$$$ to fight it.

 

[Scooz]

Heh, CT: Is this paid by Apple to have a negative decision by a court should someone with real arguments at a later point really want to go back to plain authentication?

Otherwise I can‘t see how the plaintiff would argue using the described „facts“.

Personally I find Apple‘s implementations annyoing and with weird surprises in the process that do not actually improve my trust in the actual safety of that feature.

 

[Roger67]

Why?

"Why?", indeed. Some don't know how good they've got it. Apple is deigning to share it's greatness with this world ,including the unwashed ( praise be!), and some dare to complain.

 

[B4U]

Without commenting on the merits of this case, I'd prefer that the MacRumors team not editorialize like this. Leave that to the pundits. Share the facts and leave it at that.

We can come to our own conclusions, thankyouverymuch.

This!
I am also trying to see unbiased reporting, but it is getting rarer and rarer to see that happening everywhere lately.