In his class action suit, Brodsky alleges:
- Apple enabled 2FA on his account without his explicit consent. Which seems very odd, as my experience has been that Apple only offers 2FA on an opt-in basis.
- 2FA is too inconvenient to actually set up - requiring several steps on several devices.
- 2FA is just too darn inconvenient to use… because it requires to both remember a password *and* have access to a trusted device. Umm, isn’t this exactly how 2FA is supposed to work? Helping to stop hackers simply needing your password to break into your accounts.
- Apple doesn’t let you disable 2FA after it has been enabled for two weeks straight. This appears to be true. It looks like Apple gives you 14 days’ grace to deactivate 2FA if you wish, but after that… you’re 2FA-secured. Of course, this could be argued to be a good thing security-wise.
- 2FA is required every time an Apple device is turned on. Really? Can’t say I’ve noticed.
- 2FA takes between two to five minutes to complete. Hmm. When AppleInsider got its stopwatch out, it reckoned the 2FA process took them in total about 22 seconds to complete.
https://www.grahamcluley.com/apple-sued-two-factor-authentication/
No comments:
Post a Comment