Class action suit against Apple claims that this security feature was forced on customers
Two-factor authentication is a more secure method of signing into a device. Here's how it works. Let's say you want to login to a device or an app. After punching in your password, a code is sent to another "trusted device" like the phone in your hand. Tap in the code on the device or app you want to open, and viola! Well it appears that two-factor authentication (2FA) isn't for everyone. In California, an Apple customer by the name of Jay Brodsky has started a class action suit against Apple because 2FA "imposes an extraneous logging in procedure that requires a user to both remember password; and have access to a trusted device or trusted phone number."
Brodsky's suit says that Apple doesn't allow a user to disable 2FA after 14 days have gone by. Additionally, the filing notes that Apple does not get user consent to enable the feature, or to remove the option to disable it. Brodsky says that "consumers across the nation have been and continue to suffer harm." And by harm, he means that the time spent using 2FA to open devices is costing businesses money and consumers their time. Brodsky, and the other members of the class, are seeking monetary damages and an injunction against Apple to prevent the company from "continuing its practice of not allowing a user to choose its (sic) own logging and security procedure."
The filing claims that Brodsky owns an iPhone and a pair of Macbooks and that on or around September 2015, a software update enabled 2FA for his Apple ID without his consent. He goes on to state that every time he turns on one of his Apple devices, he is forced to use 2FA and must use it for Apple Services and to open some third party apps. The essence of Brodsky's filing is that it takes him 2 minutes to 5 minutes longer for each login using the extra steps required with 2FA.
As pointed out by Apple Insider, in September 2015 Apple customers could only enable 2FA through a procedure that required them to opt-in. In addition, the suit itself contains a screenshot of an email sent to those who enabled 2FA on their Apple device(s) containing a link to "return to...previous security settings." The plaintiff says that the email doesn't make it clear that after 14 days, the link to disable 2FA expires even though it is written explicitly at the end of the message (see image directly below).
Image of email from law suit; plaintiff claims that the wording doesn't make it clear that after 14 days, 2FA cannot be disabled
Perhaps the most important line in the suit as far as Brodsky, the class, and the lawyers are concerned is the one that read, "Apple, Inc. is a multi-billion dollar company."