Apple being sued because two-factor authentication on an iPhone or Mac takes too much time...

12467

Comments

  • Reply 61 of 126
    All this time and money wasted, when all they really need to do is just use a windows device for a day to get a little perspective. 
    DAalseth
  • Reply 62 of 126
    eriamjheriamjh Posts: 1,630member
    Security may be inconvenient.  One must be able to disable it, but that itself creates insecurity.   

    I guess if if you lose to sell your other device, there needs to be a way to change or disable it.   Otherwise, you’re totally screwed.   
    edited February 2019
  • Reply 63 of 126
    baron von chilidogbaron von chilidog Posts: 1unconfirmed, member
    Two-factor authentication is out there for a reason, and it is up to the user to use it or not. Apple is a big pain in the *** with its "reminders", (not to mention the fact, for those of us that don't use an iPhone, that Apple then has another channel to annoy us with). I will use it if I need it. Now shut up.
  • Reply 64 of 126
    mac_dogmac_dog Posts: 1,069member
    Can’t wait till the judge throws this one out, laughing hysterically while he or she does it. Meanwhile, the winner is...the lawyers. 

    Its too bad the judge can’t award court costs to the attorneys with the stipulation they can’t pass it along to their client—even though their client is a complete buffoon. 
  • Reply 65 of 126
    MacProMacPro Posts: 19,718member
    The filer is a whiner and a complete idiot  Can you imagine what he’d do if someone hacked into his iCloud account?
    He'd sue Apple no doubt.
  • Reply 66 of 126
    DAalsethDAalseth Posts: 2,783member
    Suits like this are why lawyers are held in such low esteem..
    Solinetmage
  • Reply 67 of 126
    cgWerkscgWerks Posts: 2,952member
    mset68 said:
    ridiculous. it takes less than 10 seconds
    Not if you don't have the 2nd factor with you.

    I want to sue this dude for trying to make our Apple ID accounts less secure.
    Apple already took care of that with 'security questions.'
    microbe
  • Reply 68 of 126
    It is a right pain & they need to give me the option to turn it off.
    microbe
  • Reply 69 of 126
    For people who don’t know, you can set more then 1 device to receive the code. you can even set it to go to more then 1 phone number. I have both my phone number and my wife’s phone numbers. My iPhone, iPad, iMac, Macbook Pro, my wife’s iPhone, and my 1 and only Windows computer. When I sign into my account or a new device, any device that is powered on will get the alert. One top of all
    of that, I changed all of my passwords to be the suggested strong passwords, and activated 2FA on all of my accounts, using the Authy authenticator app. 

    I recently had a friend who had his phone spoofed and email compromised, they wiped him clean. Took all of his money, and started charging things to his ebay account and amazon account. He was able to stop a lot of it, and froze all of his accounts. But when he called me it made me realize I needed to better secure myself, which led me to what I said earlier. 
  • Reply 70 of 126
    dysamoriadysamoria Posts: 3,430member
    entropys said:
    “The first thing we do, let’s kill all the lawyers”
    I agree that this is a bizarre thing to start a lawsuit over, but the lawyer killing quote is even worse. I mean, an “all lawyers are bad” mentality is pretty ludicrous too.
  • Reply 71 of 126
    mac_128mac_128 Posts: 3,454member
    patsu said:.

    There needs to be a fallback that works when other trusted devices are not available. 
    There is already a fallback when your trusted devices are unavailable. It's your trusted phone numbers:

    You'll receive the code via text or an automated call.


    If for some unholy reasons you hate (free !) trusted phone numbers, there is also another way. Buy 1 more small/cheap Apple device for backup 2FA handling. I have 1 iPhone, 1 iPad and 1 Mac. Should be pretty robust where 2FA token is concerned.


    Other companies like Microsoft use this awfully silly long code as your last backup code. Everyone has to write or print it for safekeeping. I never remember where I keep that piece of paper. So it's completely useless in this regard.

    Using a small hardware token is also asking for more trouble. It's one more thing to lose. And it's the ONLY one. Lose it and you're done for.
    I guess your trusted numbers are good unless your numbers been sim-spoofed.

    Or your phone is lost or stolen.

    A token can be lost or stolen, but then it’s the backup to the device which could be lost or stolen. I don’t think anyone is suggesting it be the exclusive way 2FA is handled. But carrying around an aresenal of extra devices everywhere a person goes, is not the solution either.
  • Reply 73 of 126
    Lol.. using the same logic, he should sue fast food restaurants and his employer should be able to sue him for taking a dump too long and missing productivity. 
    netmagestompy
  • Reply 74 of 126
    patsupatsu Posts: 430member
    cgWerks said:
    patsu said:
    Not really. 

    Such a reversal will need an equally strong security to prevent bad guys from turning off your 2FA at will.
    That means you'll need your 2FA to turn off your 2FA, which won't help the plaintiff anyway when he's already in trouble. :-)
    No, not if it works such that when you're authenticated and into your account (ie: already authenticated using 2FA) then you can turn it off.


    Not really. You'll still be asked for your password again even if you're logged in (just like when you try to change your password).

    Bottomline is downgrading a 2FA account is bad news. It weakens the 2FA for people who adopted 2FA.

    patsu said:
    There is already a fallback when your trusted devices are unavailable. It's your trusted phone numbers:
    You'll receive the code via text or an automated call.
    So much for any security of 2FA, then.


    Any 2FA that uses telco infrastructure to deliver the 2FA code can be hacked by spoofing SIM assuming the attacker knows your trusted phone number.

    patsu said:
    Other companies like Microsoft use this awfully silly long code as your last backup code. Everyone has to write or print it for safekeeping. I never remember where I keep that piece of paper. So it's completely useless in this regard.
    A home safe? But, then yeah, it wouldn't help you while traveling. But, it's more secure than Apple's 2FA (w/ security questions and that backup SMS).

    If you have a low-tech, low-security path in, then the whole system is compromised by that. At least if it's a complex code you keep in your safe, it is a relatively high security entry point on the scale of the on-line world. Security questions and SMS are hacker's dreams.

    That long complex code is completely useless if lost. Or worse, found by someone else.
    If you're traveling, it's useless too.
    And there are malware that search for such code on your computer if you keep a copy on your PC.

    When I travel, I take my phone and an iPad or Mac with me. So no problem to retrieve 2FA code while traveling for me !
    I find Apple's implementation the most balanced to-date.

    edited February 2019
  • Reply 75 of 126
    patsupatsu Posts: 430member
    mac_128 said:
    patsu said:.

    There needs to be a fallback that works when other trusted devices are not available. 
    There is already a fallback when your trusted devices are unavailable. It's your trusted phone numbers:

    You'll receive the code via text or an automated call.


    If for some unholy reasons you hate (free !) trusted phone numbers, there is also another way. Buy 1 more small/cheap Apple device for backup 2FA handling. I have 1 iPhone, 1 iPad and 1 Mac. Should be pretty robust where 2FA token is concerned.


    Other companies like Microsoft use this awfully silly long code as your last backup code. Everyone has to write or print it for safekeeping. I never remember where I keep that piece of paper. So it's completely useless in this regard.

    Using a small hardware token is also asking for more trouble. It's one more thing to lose. And it's the ONLY one. Lose it and you're done for.
    I guess your trusted numbers are good unless your numbers been sim-spoofed.

    Or your phone is lost or stolen.

    A token can be lost or stolen, but then it’s the backup to the device which could be lost or stolen. I don’t think anyone is suggesting it be the exclusive way 2FA is handled. But carrying around an aresenal of extra devices everywhere a person goes, is not the solution either.
    I don't use a trusted number myself. If I do use it, will probably pick an unused number in a family plan, or my home phone.

    Had lost my phone temporarily before. Not a big deal. My iPad is easily accessible even on a trip.
    1 iPad is not an arsenal. I use it for bedtime reading and trip research anyway. :-)

    A true 2FA hardware token is not a backup. It is THE token. Had to request the bank to get a new one when I lost it.
  • Reply 76 of 126
    I would agree with the lawsuit. The two factor authentication process is time consuming and inconvenient for the users.  
    Apple should work on another way to strengthen security. What happened to simple and intuitive philosophy of Apple’s? 
    Yeah, I can see where 22 seconds periodically would be a major drag on your day.
    I think something else occurred to spark the lawsuit.  See my other looong post.
    Or better yet, they switch to android phones....dont missed up w us satisfied w this security 
  • Reply 77 of 126
    Are there alternatives to two-factor authentication? Sure, how about Apple actually determining who I am? If Apple is too cheap to come up with their own way, why don't they just use something that we already use to prove our identity, like our passport or other valid IDs? And I could show my physical IDs to an Apple representative in a FaceTime session, since that technology works fine. I know half of you will think I'm joking, but I'm not. I understand each nation has its own ID documents, but Apple is big enough to handle that.
    cgWerks
  • Reply 78 of 126
    discopants123discopants123 Posts: 3unconfirmed, member
    I’ll just say that two factor identification is one thing when it’s your account and your computer.  And you know everything in memory.

    And it’s another thing for say my parents in their 80s to know all of this.  They don’t have smart phones (don’t want them either and yes I’ve tried) so can’t receive text messages via mobile.

    I spent the last few evenings trying to get them up to speed. It was not easy. My dad somehow enter the password in the iPad he was setting up that I gave him doesn’t even remember it and it locked and then the whole reset process took two damn days.

    The thing that bugs me the most, is that after I have all of the devices there and I’ve entered all of the passwords and done everything, it seems like minutes later I can get asked to enter all of that information again. That is extremely tedious when you’re doing that for somebody else. Seriously Apple if you just asked me for the password a minute ago don’t bother me with that again for 15 more minutes at least please. 
    cgWerks
  • Reply 79 of 126
    lwiolwio Posts: 110member
    Security can be a pita but it’s there for a reason. The same person, amongst others, would be suing if someone easily broke into their device. I’m sure the first person who had to carry a key was pissed off too. 
  • Reply 80 of 126
    There is something to this. I seem to remember APple forcing 2fa in order to use all of the icloud services. I think later they relaxed this rule. Make no mistake. There are far worse consequences than Apple losing lawsuits or even being sued over seemingly frivolous things. Think About how frustrated the customer must be to actually carry out this lawsuit. You know it and I know it. Apple's security measures are a major pain in the ass. Faaaaar outreaches it's usefulness. If Apple keeps this up, it will continue to see its userbase shrink/sales fall. iPhone X series phones, homepod, FLOP FLOP.
    microbe
Sign In or Register to comment.