Two-factor authentication: Apple sued for security function

An American has sued Apple for its two-factor authentication. The function is too slow, he complains and demands to be able to protect his account less well again.

Two-factor authentication? That takes him too long, and he would like to get rid of the extra security right away. So can be summed up briefly, which is why the American Jay Brodsky has filed suit against Apple.

The case became known on the weekend, among other things, because the tech portals "Apple Insider" and "MacRumors" had reported about it. In the complaint, which can be viewed online, Brodsky's lawyer Apple claims that two-factor authentication, once enabled, "either as the default of a software update or accidentally by the user," lasts two weeks no longer disable. In fact, this is rather unusual, with other providers, the function can be switched off again.

Furthermore, two-factor authentication in the attorney's letter is referred to as a "bogus login procedure" that requires the user not to remember just one password: he also needs access to a trusted device, the second one to him Identification necessary factor is sent, which he then still has to enter.

In addition, the plaintiff accuses Apple that a two-factor authentication is required "every time a device is turned on". In addition, each login would take two to five minutes longer due to the added security feature. Jay Brodsky is annoyed: He would like to forego additional security and in the future can only log in with a password at Apple.

This is how Apple's two-factor authentication works

The first level of backup Apple has already set up when setting up the two-factor authentication: On the Internet, on Apple's website, you can not set up the system. Instead, you need for an Apple device, on which one is already logged in with his Apple account.

To enable two-factor authentication, open the Settings control panel and tap at the top of the box with its name, followed by Apple ID, iCloud, iTunes & App Store in small letters.

Now tap on Password & Security . Among other things, you can change your password here and enable two-factor authentication.

In addition, you can specify the trustworthy number in this field, to which Apple should send numerical codes via text message in the case of two-factor authentication, if sending as a push message does not work.

When everything is done, the Two-Factor Authentication field indicates that the feature is now turned on.

The next time you try to log in to Apple using another device with your data, you'll see a sign-in message on all of your authorized devices in the future.

If the respective device is unlocked, it is also displayed from where the login attempt is made. If a place appears here that you are not at, this is an indication of a hack attempt. Recognize the login as valid, tap Allow .

The six-digit number code valid for this login will then be displayed.

You must now enter this code in the appropriate fields on the page you want to log in to. In practice, everything is very fast.

At least his last two claims we could not understand in tests in the editorial. On the one hand, Apple devices with two-factor authentication enabled for the Apple account can be activated normally. On the other hand, it usually takes only a few seconds until the message about a login attempt on the associated Apple devices appears. Including sharing on each device and entering the six-digit code, which is transmitted by Apple, it comes so actually to little more than 20 seconds.

Authentication or confirmation?

However, looking for a way to disable two-factor authentication may confuse search engines with web pages that address a different topic. So, on Apple's support pages, you can find a guide titled "Disabling Two-Tiered Approval for Your Apple ID." However, you will not be able to find the switch labeled "Disable Two-Step Confirmation" if you enable two-factor authentication.

The two-step confirmation is something different than the two-factor authentication. In fact, this is an alternative method of securing accounts. Apple offers them to users who, for example, use older devices that can not be updated to an up-to-date software version and therefore are not suitable for two-factor authentication. The latter is only available from iOS 9 and OS X El Capitan.

And then there was the money

Plaintiff Brodsky demands from the court in California now that Apple is obligated to the omission and that the company a fine and fines are aufgerummt. In addition, the plaintiff and his co-plaintiffs would be entitled to "any monies, revenues and benefits that the defendant unlawfully received as a result of his actions". Brodsky now asks the court to allow his case as a class action lawsuit.