Jay Brodsky is an Apple customer from California who has a bone to pick with the iPhone maker. He’s not happy with the way the company handles two-factor authentication, being so displeased with everything from the way it’s set up on iDevices to how it works that he’s taken a dramatic step — he’s actually filed a lawsuit against Apple that seeks class action status related to all of his complaints about this extra security layer.
Sound frivolous? No comment here. In Brodsky’s own words, via the lawsuit, one of his beefs is apparently that the set-up process is too complicated. “First,” the suit explains, “Plaintiff has to enter his selected password on the device he is interested in logging in. Second, Plaintiff has to enter password on another trusted device to login. Third, optionally, Plaintiff has to select a Trust or Don’t Trust pop-up message response. Fourth, Plaintiff then has to wait to receive a six-digit verification code on that second device that is sent by an Apple Server on the internet.
“Finally, Plaintiff has to input the received six-digit verification code on the first device he is trying to log into. Each login process takes an additional estimated 2-5 or more minutes with 2FA.”
The focus isn’t just the setup. The suit goes on to criticize Apple over 2FA for the fact that it can’t be rolled back after it’s been set-up and in place for two weeks. Meanwhile, Macrumors has called out several assertions in the lawsuit, “including that Apple released a software update around September 2015 that enabled two-factor authentication on Brodsky’s Apple ID without his knowledge or consent. Apple in fact offers two-factor authentication on an opt-in basis.
“Brodsky also claims that two-factor authentication is required each time you turn on an Apple device, which is false, and claims the security layer adds an additional two to five minutes or longer to the login process when it in fact only takes seconds to enter a verification code from a trusted device.”
The suit goes on to suggest that Apple has “unjustly received” funds, revenues and benefits from its action related to 2FA and that the company has also somehow violated California’s Invasion of Privacy Act. Justification for those isn’t spelled out in the complaint — but, nevertheless, you can read the full suit here: