Tech giant Apple has been slapped with a class action lawsuit that accuses its two-factor authentication process of taking too much time out of a user’s day, and being too disruptive and abusive since it can’t be revoked to a less safe login method after a period of 14 days.
Filed by California resident Jay Brodsky, the class action lawsuit alleges that Apple doesn’t receive user consent to enable two-factor authentication. Moreover, the lawsuit alleges that once enabled, two-factor authentication “imposes an extensive logging in procedure that requires a user to not only remember a password but also have access to a trusted phone number or device.”
Filing paperwork associated with the suit also alleges that potential class members “have suffered harm in the form of economic losses based on a waste of personal time due to an extended login process.”
The plaintiff, Brodsky, alleges that the email sent by Apple after successful two-factor authentication doesn’t warn users about the setting which is irrevocable. He also asserted that Apple is infringing upon California’s Invasion of Privacy act, but how that applies isn’t immediately clear.
Brodsky’s troubles with two factor authentication started around September 2015 when a software update allegedly auto-enabled the process. However, neither iOS 9 or macOS El Capitan at the time mandated two-factor authentication, nor implemented it without an explicit and multiple-step opt-in procedure requiring a user’s consent.
Interestingly, two factor authentication is required to take advantage of some of Apple’s services such as Home Sharing and HomeKit Hubs.
Now, the class action lawsuit is demanding fines, injunctive relief and penalties assessed on Apple in accordance with the Computer Fraud and Abuse Act. It also seeks “all revenues, benefits and funds” that Apple “unfairly received” from the action. However, what exactly that entails isn’t mentioned in the filing documents.