Apple Sued Over Not Letting Customers Disable Two-Factor Authentication After Two Weeks

[myrtlebee]

I'm probably missing something obvious, but I've had two-factor authentication turned on for years and I always get the 6 digit passcode popping up on the actual device I am asked to input it in, as well as on my other devices. I don't really see the point of it if they are "giving you the answer" like that. Maybe there's a glitch with my account or I'm not understanding the concept.

 

[navigates]

The point here is to have the ability to disable dual factor when it's not needed. Apple should allow the change regardless of two weeks. When I changed my device, I was unable to get the dual factor on my new phone. I called apple for hours without success, eventually, I realized I had an old iPhone 6 inside which I powered on and thankfully got the code for dual factor. If I didn't have that phone, I would have gotten a runaround.

I feel this security is enforced to make the pockets deeper. Typical of Apple. "Remember the battery fiasco - It is for sure not the most ethical company imo but they do make good devices so we kind of have to buy it.

 

[DonutHands]

Maybe not worth suing over, but I would like the ability to turn off 2FA.

 

[Kastellen]

My biggest problem with Apple's two-factor system is that it doesn’t always require two devices. Every time I log in to iCloud.com on one of my Macs a two-factor box pops up, and when I request the code it appears ON THE MAC I'M ALREADY ON. WTF, Apple? Is it that you are too dumb to realize the Mac I’m on is already authorized? Or that you don’t realize you are sending the authentication to the same device that is requesting it? Either way, that’s some idiotic programming.

 

[Ruskes]

My biggest problem with Apple's two-factor system is that it doesn’t always require two devices. Every time I log in to iCloud.com on one of my Macs a two-factor box pops up, and when I request the code it appears ON THE MAC I'M ALREADY ON. WTF, Apple? Is it that you are too dumb to realize the Mac I’m on is already authorized? Or that you don’t realize you are sending the authentication to the same device that is requesting it? Either way, that’s some idiotic programming.

Realize even on your Authorized Mac, it takes Apple to send you the code to it to confirm. When you send to is not the same as receiving from.

 

[Zwhaler]

You dont get to make your accounts less secure.

If you understood my earlier post, you'd see why I want it off. I can't update my Mac Pro without having someone else's iPhone get a code. Sure, I'm "supposed to" have separate Apple ID's for everybody, but I don't feel like it yet. I'm all for the security improvements, just not the collateral damage for outliers like me. If I could choose which devices the 2FA gets sent to (that have already been set up) that would help remedy the situation.

 

[KPandian1]

I hate giving up info to the data miners, still see the value in the 2FA.

The average John/Jane don't seem to understand the drowning that happens in identity theft. It is so easy for the thieves.

I have lost two "free" email accounts - Google and Microsoft - just by being careless enough to not logout of the account before logging in at another computer; its complicated. However, the lesson learned is, how serious these services are about security.

The only peeve is that they keep asking for complicated passwords, which need to be changed every so often. Caps, numerals, special characters … it is impossible to keep in memory. Only way is to use a password program or meticulously write them down!

That is a lot to ask a 70-year old retiree who is wading into online banking/billpay, smartphones, multiple devices, preference of feature phones, and all the phishing/hacking out there. Or, getting them to understand how devastating their final years can be if they do get their identity stolen.

Most people, young and old, don't even understand the concept of credit freeze. Still, learning and implementing these safeguards is not nuclear physics.

 

[Zwhaler]

Do you still want to keep your PIN code for the ATM ?

Not sure what that means... keeping my PIN code is like keeping my password for my Apple ID. If anything it's an example of single-factor authentication.
If the 2FA from my Mac Pro sent to my Android, that would be different, but not a family member's iPhone. No thanks! Not until I have more control over which pre-authorized device the code gets sent to.

 

[maverick28]

Very good news. I completely ****ed up with 2-factor. The most useless and garbage authentication implementation ever invented. Once I enabled I was never able to revert. On the phone support session with Apple Support for more than 1 month trying to resolve inability to access my iCloud account and related services on older OS'es that won't simply log me in after enabling this ****ing 2-FA on a newer OS. A thread on Apple Support Forums reached more than 2K hits "I also have this problem" by now - people having older devices running pre-ElCap or iOS 9 or smth. 2-step was bearable, 2 FA is complete pile of ****. This securing better "security" is got to the point of annoying obtrusiveness but they still doubling down on intimidating us into enabling it or upgrading by citing researchers constantly finding new "cyber threats": how convenient - Apple can push new upgrades and make obsolescence happen at faster pace "than ever before" (BTW, you can buy another idevice with us to help fixing your FA nightmare). 2-FA is a completely far-fetched necessity and a way to lure customers into buying more stuff.
I've browsed the darkest corners of the web with a freaking old Safari 5 up to now, with unsupported Chrome, Firefox with 0 consequences. The most significant issue was not "security" but incompatibility. And annoying popups and scam messages appear in every version of every browser be it Safari 5 or Safari 12.

P.S. "Frivolous lawsuit..", "false statements.." What shill wrote this idiotic article? #LearnToCode, maybe?

 

[Ruskes]

Very good news. I completely ****ed up with 2-factor. The most useless and garbage authentication implementation ever invented. Once I enabled I was never able to revert. On the phone support session with Apple Support for more than 1 month trying to resolve inability to access my iCloud account and related services on older OS'es that won't simply log me in after enabling this ****ing 2-FA on a newer OS. A thread on Apple Support Forums reached more than 2K hits "I also have this problem" by now - people having older devices running pre-ElCap or iOS 9 or smth. 2-step was bearable, 2 FA is complete pile of ****. This securing better "security" is got to the point of annoying obtrusiveness but they still doubling down on intimidating us into enabling it or upgrading by citing researchers constantly finding new "cyber threats": how convenient - Apple can push new upgrades and make obsolescence happen at faster pace "than ever before" (BTW, you can buy another idevice with us to help fixing your FA nightmare). 2-FA is a completely far-fetched necessity and a way to lure customers into buying more stuff.
I've browsed the darkest corners of the web with a freaking old Safari 5 up to now, with unsupported Chrome, Firefox with 0 consequences. The most significant issue was not "security" but incompatibility. And annoying popups and scam messages appear in every version of every browser be it Safari 5 or Safari 12.

P.S. "Frivolous lawsuit..", "false statements.." What shill wrote this idiotic article? #LearnToCode, maybe?

so WHY did you Enable it in first place?

 

[maxjohnson2]

so WHY did you Enable it in first place?

For me it was to have access to the app password so I can get my icloud mail on a non-Apple device.

 

[maverick28]

so WHY did you Enable it in first place?

I was forced to when I had to use FaceTime and Mail client on my Android and Apple sent me a letter of notice specifically stating said change in its policy: it wasn't a requirement when I used Lion until I received the letter in June/July of 2017, it was 2-step for me afterwards and since I ran only Lion. I later upgraded to High Sierra and my AppleID was automatically transferred to 2-FA without any option to turn that crap off.

 

[TrulsZK]

In my opinion Two-Factor Authentication should have been required to create an AppleID, for existing AppleIDs created before Two-Factor Authentication, users should be forced to activate Two-Factor Authentication within a deadline, after that the AppleID will be locked/unusable until the user activates it.

I hate the security questions, much harder to remember the 3 answers, and takes longer to enter 2 answers than a Trusted Device. So in general Two-Factor Authentication is better than the security questions.

 

[Heineken]

Only in America.

 

[iBreatheApple]

Well there is a clear, and uncomfortable, bias in this article.

He is right (mostly) in that every time you login via the web after a reboot you have to go find an Apple device to authenticate. If you need to access data and don't have an Apple device handy you might be screwed.

I use two-factor and don't mind it. However, if someone pays $1,500 for phone and doesn't WANT to use, Apple shouldn't make them. If someone wants to be less safe why should Apple force them to use it?

God help me if my 80+ year old father starts having problems with two-factor, I'll curse Apple heavily. To that point I'm steering my parents the hell away from two-factor.
[doublepost=1549755806][/doublepost]

Your logic might be flawed... It sound like he purchased it and then two-factor came along....

You make it sound like he knew about two-factor, purchased it and then complained.

Understood. But SUING? Such a litigious society we live in.

 

[mrow]

So Apple has charged you for some apps in the past, but Apple doesn’t let you install an operating system that supports them. That’s not right.

Apple has not charged you for those apps. The developer charged you for those apps. Apple acted as a payment processor for the developer to charge you for their app. Be upset that the developer is not supporting the app that you paid them your money for.

Sometimes though, software just goes obsolete. It’s a fact of life.

 

[iBreatheApple]

Sometimes though, software just goes obsolete. It’s a fact of life.

I think the frustration lies within a much broader topic and that is the fact that we are spending more than ever on things we enjoy, but the technology is evolving so fast. A pair of headphones from 20 years ago kept in good shape can be quite the cool "artifact" today; How will your AirPods be in 20 years? More than likely non-functional or compatible. Whether the batteries go bad, or the bluetooth technology is no longer supported. So it's just frustrating. Another example, I bought Crash Bandicoot on PS3 as a virtual console game. PS4 comes out, those virtual console games "aren't compatible" with the PS4. So I buy it again. And yes, that's my choice, but damn. I work hard for my money, and I want to spend it on things I enjoy, it just feels like we are taken advantage of in so many ways nowadays.

Weird, digressing rant on a comment that wasn't even directed toward me. Sorry. Something just triggered. I blame the Tito's.

 

[Shanghaichica]

Only in America.

You should be able to turn it off but yes people sue overthing it seems.

 

[Heineken]

I think the frustration lies within a much broader topic and that is the fact that we are spending more than ever on things we enjoy, but the technology is evolving so fast. A pair of headphones from 20 years ago kept in good shape can be quite the cool "artifact" today; How will your AirPods be in 20 years? More than likely non-functional or compatible. Whether the batteries go bad, or the bluetooth technology is no longer supported. So it's just frustrating. Another example, I bought Crash Bandicoot on PS3 as a virtual console game. PS4 comes out, those virtual console games "aren't compatible" with the PS4. So I buy it again. And yes, that's my choice, but damn. I work hard for my money, and I want to spend it on things I enjoy, it just feels like we are taken advantage of in so many ways nowadays.

Weird, digressing rant on a comment that wasn't even directed toward me. Sorry. Something just triggered. I blame the Tito's.

Do you seriously expect software to be supported forever. If they supported those old games that ran on different hardware your new hardware and games would cost more to cover development costs associated with it. Nothing new.

 

[iBreatheApple]

Do you seriously expect software to be supported forever. If they supported those old games that ran on different hardware your new hardware and games would cost more to cover development costs associated with it. Nothing new.

I think you might have completely missed the point. I am comparing today's technology with that of which is 2 decades old and is outlasting today's technology due to things like limited life-cycles of batteries, evolving wireless standards ie bluetooth, etc. Of course I don't expect it to last "forever". Where did you get that?

 

[Heineken]

I think you might have completely missed the point. I am comparing today's technology with that of which is 2 decades old and is outlasting today's technology. Of course I don't expect it to last "forever". Where did you get that?

Your headphones analogy is not very good. What about Floppy and lpt cables? And a bunch of other tech from decades ago that you cannot use anymore on new devices unless you have a device from same time.

This is going to happen with all tech eventually.

 

[itsmilo]

Did not even know you cannot turn it off once turned on like wtf. Glad I never enabled it on my families phones ... they don’t even understand security questions, let alone this.

 

[leebroath]

Yes I was informed when I called up to complain about this by Apple

The guy on the line told me I had 2 weeks to opt out of this, which I never had an alert to and this happened a year ago apparently.

I do not like it as I work Offshore and sometimes the Wifi is down but can still get internet on the computer, I for one would like the 'option' to turn this off

Another thing that irritates me is the fact we cant organize our folders on iTunes anymore, we have to jiggle them on the device and its so frustrating moving them about! .... but that's another story

 

[Heineken]

Yes I was informed when I called up to complain about this by Apple

The guy on the line told me I had 2 weeks to opt out of this, which I never had an alert to and this happened a year ago apparently.

I do not like it as I work Offshore and sometimes the Wifi is down but can still get internet on the computer, I for one would like the 'option' to turn this off

Another thing that irritates me is the fact we can't organize our folders on iTunes anymore, we have to jiggle them on the device and it's so frustrating moving them about! .... but that's another story

It improves your account security and works seamlessly. What else do you want?

 

[flygbuss]

I'm probably missing something obvious, but I've had two-factor authentication turned on for years and I always get the 6 digit passcode popping up on the actual device I am asked to input it in, as well as on my other devices. I don't really see the point of it if they are "giving you the answer" like that. Maybe there's a glitch with my account or I'm not understanding the concept.

As I stated before. You signed up with your specific device and therefore it is trusted. You’ll receive the code on every trusted device. So in case someone knows your Apple ID credentials, your system password and is in possession of your trusted device, 2 factor authentication is not gonna protect you. But in that case something else seriously went south. If you try to login to iCloud.com on a public computer via browser you will need one of your trusted devices to receive the code.