Disclaimer: We may earn a commission if you make any purchase by clicking our links. Please see our detailed guide here.

Follow us on:

Google News

Apple faces new class action for making two-factor authentication unduly difficult

Oindrila Banerjee
Oindrila Banerjee
A English Literature student, love reading books, love literature and history, and enthusiastic about travelling. She likes to read random pieces of information and like watching films. She likes how refreshing it is to learn something new everyday. Her goal is to earn enough to take a trip round the globe.

Join the Opinion Leaders Network

Join the Techgenyz Opinion Leaders Network today and become part of a vibrant community of change-makers. Together, we can create a brighter future by shaping opinions, driving conversations, and transforming ideas into reality.

Apple may now face new charges as a plaintiff named Jay Brodsky has filed with California Court, a formal complaint against the conglomerate for the approval of a further Class Action. Brodsky is demanding action against Apple for allegedly locking him out of his personal devices by devising an unduly difficult two-factor authentication system which cannot be disabled after the lapse of an initial working period of fourteen days.

The two-factor authentication may either be enabled automatically due to a software update or manually via settings. But either way, Apple is not allowing its users to disable the setting even after 14 days are over, thus forcing them to access their devices by not only remembering password but also entering a six-digit code being sent to other trusted devices. This is making the logging process extremely strenuous, notwithstanding the fact that users have to enter separate sets of passwords for accessing third-party apps requiring the same. And this authentication is needed every time a device is turned on.

“Two-factor authentication imposes extraneous logging in a procedure that requires a user to both (i) remember password; and (ii) have access to a trusted device or trusted phone number to receive an additional six-digit code that needs to be entered at the time of logging in addition to the user set password. A user does not have an option to disable such doubled up security measures and is stuck with wasting time to log on to his own device. Two-factor authentication requires additional steps to access any third-party apps or services requiring passwords. Two-factor authentication is required each time you turn on a device,” reads the complaint.

Furthermore, not only does Apple not seek user permission to enable the setting, but it also does not ask for user permission to disable the same. The users are provided with a lengthy email detailing the sound characteristics of the security system and a date when it may be disabled, something that Apple users in general and Brodsky in particular, finds dissatisfactory, to say the least.

“Apple does not get user consent to enable two-factor authentication. Apple does not get user consent to then remove the option forever to disable two-factor authentication, once it is enabled. An email with a long paragraph thanking the user and highlighting the good features of two-factor authentication followed by a simple single last line in an email saying that the link will expire on a given date is insufficient to put the user on notice of his options and make an informed decision as to whether to click the link to disable it,” the report further details.

Apple’s coercive policies have been continually harming some users everywhere, with Plaintiff and Class Members have suffered economic losses due to Apple’s interference with the use of personal devices, besides a complete wastage of own time required for such a hassled login process. According to the report, the Plaintiff and the Class are seeking monetary damages and declaratory and injunctive relief trying to prevent Apple from continuing such coercive practices that deprive users of any real choice.

The causes of action have been outlined as follows:

Count 1: Trespass to Personal Property

Count 2: Violation of the invasion of the privacy act

Count 3: Violation of the Computer Crime Law

Count 4: Violation of the Computer Fraud and Abuse Act

Join 10,000+ Fellow Readers

Get Techgenyz’s roundup delivered to your inbox curated with the most important for you that keeps you updated about the future tech, mobile, space, gaming, business and more.


Partner With Us

Digital advertising offers a way for your business to reach out and make much-needed connections with your audience in a meaningful way. Advertising on Techgenyz will help you build brand awareness, increase website traffic, generate qualified leads, and grow your business.

Power Your Business

Solutions you need to super charge your business and drive growth

More from this topic