An Apple customer is suing the company over its supposedly “coercive” cybersecurity policies, which allegedly block access to iPhones, iPads and other computers, unless people enter both a password and a six-digit verification code.
“Apple’s coercive login process locks up access to plaintiff’s own devices,” Jay Brodsky alleges in a class-action complaint filed late last week in U.S. District Court for the Northern District of California. “Apple is continuously and on an ongoing basis making Plaintiff owned devices inaccessible for intermittent periods of time.”
The lawsuit centers on “two-factor authentication” -- a security technique aimed at blocking hackers and others from accessing devices without the owners' consent. Two-factor authentication typically requires users to enter at least two codes to access their device -- their password, and a separate verification code that's been sent to a separate device owned by the same user.
Brodsky, who says he owns an iPhone and two Macbooks, alleges that a September 2015 software update enabled two-factor authentication. He says the company gave him the option of disabling two-factor authentication, but only for 14 days, after which two-factor authentication becomes a permanent feature.
“A user does not have an option to disable such doubled up
security measures and is stuck with wasting time to log on to his own device,” he alleges.
But others have questioned that allegation. The publication MacRumorssays Apple doesn't turn on two-factor authentication unless users opt in to the security measure.
Brodsky also alleges that each log-in takes “an estimated 2-5 or more minutes,” but Apple Insider said its test of two-factor authentication found it only took 22 seconds.