Apple faces new class action for making two-factor authentication unduly difficult

Feb 10, 2019, 4:40 pm

Oindrila B.

More Post

Apple may now face new charges as a plaintiff named Jay Brodsky has filed with California Court, a formal complaint against the conglomerate for the approval of a further Class Action. Brodsky is demanding action against Apple for allegedly locking him out of his personal devices by devising an unduly difficult two-factor authentication system which cannot be disabled after the lapse of an initial working period of fourteen days.

The two-factor authentication may either be enabled automatically due to a software update or manually via settings. But either way, Apple is not allowing its users to disable the setting even after 14 days are over, thus forcing them to access their devices by not only remembering password but also entering a six-digit code being sent to other trusted devices. This is making the logging process extremely strenuous, notwithstanding the fact that users have to enter separate sets of passwords for accessing third-party apps requiring the same. And this authentication is needed every time a device is turned on.

“Two-factor authentication imposes extraneous logging in a procedure that requires a user to both (i) remember password; and (ii) have access to a trusted device or trusted phone number to receive an additional six-digit code that needs to be entered at the time of logging in addition to the user set password. A user does not have an option to disable such doubled up security measures and is stuck with wasting time to log on to his own device. Two-factor authentication requires additional steps to access any third-party apps or services requiring passwords. Two-factor authentication is required each time you turn on a device,” reads the complaint.

Furthermore, not only does Apple not seek user permission to enable the setting, but it also does not ask for user permission to disable the same. The users are provided with a lengthy email detailing the sound characteristics of the security system and a date when it may be disabled, something that Apple users in general and Brodsky in particular, finds dissatisfactory, to say the least.

“Apple does not get user consent to enable two-factor authentication. Apple does not get user consent to then remove the option forever to disable two-factor authentication, once it is enabled. An email with a long paragraph thanking the user and highlighting the good features of two-factor authentication followed by a simple single last line in an email saying that the link will expire on a given date is insufficient to put the user on notice of his options and make an informed decision as to whether to click the link to disable it,” the report further details.

Apple’s coercive policies have been continually harming some users everywhere, with Plaintiff and Class Members have suffered economic losses due to Apple’s interference with the use of personal devices, besides a complete wastage of own time required for such a hassled login process. According to the report, the Plaintiff and the Class are seeking monetary damages and declaratory and injunctive relief trying to prevent Apple from continuing such coercive practices that deprive users of any real choice.

The causes of action have been outlined as follows:

Count 1: Trespass to Personal Property

Count 2: Violation of the invasion of the privacy act

Count 3: Violation of the Computer Crime Law

Count 4: Violation of the Computer Fraud and Abuse Act

Join our Newsletter
Sign up to receive top tech stories daily delivered in your inbox
Share your thoughts. Enable the box to comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.