Apple facing class action lawsuit because its 2FA is ‘too disruptive’

Californian man accuses the firm of not seeking his consent, and of disrupting access to his personal devices

Apple is facing a class action lawsuit over assertions that its two-factor authentication (2FA) procedure is too disruptive, and poses far too long of an ordeal for users to go through.

Californian man Jay Brodsky has alleged Apple locks users into using 2FA without seeking proper and explicit consent, and says the process as a whole is far too demanding.

He has therefore taken the extraordinary step of filing a lawsuit that seeks 'class action' status, which in the US justice system means allegations made conventionally on behalf of a wide number of individuals.

Brodsky alleges he must first enter his selected password on the device he wants to login to, before entering the password on another independent 'trusted' device.

"Third, optionally, Plaintiff has to select a Trust or Don't Trust pop-up message response," the complaint continues.

"Fourth, Plaintiff then has to wait to receive a six-digit verification code on that second device that is sent by an Apple Server on the internet. Finally, Plaintiff has to input the received six-digit verification code on the first device he is trying to log into. Each login process takes an additional estimated 2-5 or more minutes with 2FA."

The complaint continues to accuse Apple of forcibly implemented 2FA across Brodksy's iPhone and two MacBooks in 2015, without his knowledge or consent. The firm also "forces Plaintiff to use 2FA that requires additional login steps each time Plaintiff's Apple device is powered on" as well as when logging into Apple services, and using third-party apps.

Crucially, once 2FA is enabled by default, through a software update or accidentally, and 14 days have lapsed, there is no mechanism to disable the additional security checks. This "imposes an extraneous logging in procedure" because a user must both remember a password, and have access to a trusted device to receive the six-digit code.

There are five counts which comprise the lawsuit, including trespass to personal property and a violation of the Computer Crime Law. Brodsky's complaint also demands the case be taken to a trial by jury.

The suit, furthermore, demands penalties be applied in accordance with the Computer Fruad and Abuse Act, and that all revenues Apple has "unjustly received as a result of its actions" rightfully belong to those bringing the action.

The scale of this lawsuit, however, pales in comparison to the ongoing legal wrangling between Apple and Qualcomm.

It emerged last month that Apple demanded $1 billion as an 'incentive payment' in 2011, according to testimony from Qualcomm CEO Steve Mollenkempf, when the chipmaker sought to be the sole supplier of modem chips for Apple's iPhone range.

Featured Resources

Virtual desktops and apps for dummies

An easy guide to virtual desktop infrastructure, end-user computing, and more

Download now

The total economic impact of optimising and managing your hybrid multi-cloud

Cost savings and business benefits of accelerating the cloud journey

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

What’s next for the education sector?

A new learning experience

Download now

Recommended

New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
Data breaches increase by a third as staff continue to work from home
cyber security

Data breaches increase by a third as staff continue to work from home

17 May 2021
What is phishing?
phishing

What is phishing?

17 May 2021
Cisco to acquire threat intelligence provider Kenna Security
Acquisition

Cisco to acquire threat intelligence provider Kenna Security

14 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021