Apple Requiring Two-Factor Authentication for Developer Accounts as of February 27

Wednesday February 13, 2019 2:33 PM PST by Juli Clover
Starting on February 27, Apple will be requiring all developers to have two-factor authentication enabled for their Apple IDs, with two-factor necessary for signing into Developer accounts after that date.

Apple today told developers via email that the requirement is being implemented to help keep developer accounts more secure and to make sure that no third-parties can access a developer account.


Developers who do not have two-factor authentication enabled for their Apple IDs will need to turn it on by February 27.

Two-factor authentication can be enabled on an iPhone or Mac by following Apple's instructions. Once enabled, a verification code from a trusted device will be required when logging in to a developer account.

35 comments


Top Rated Comments

(View all)
Avatar
cmaier
5 days ago at 02:37 pm
Since you all are using a secondary iCloud account, like me, here’s the trick:

On your Mac, create a new user account. Set up that account to use your developer iCloud account. You will be prompted to turn on 2factor. Do so. Give it your phone number. When it’s done. Remove the user account.

Now, when you are prompted for 2factor, click the “I didn’t receive a code” link, and you can choose to send a code to your phone.
Rating: 10 Votes
Avatar
zorinlynx
5 days ago at 02:56 pm

This is extremely problematic for my use-case. I'm the Apple Developer/Connect admin for a very large organization that publishes multiple apps from multiple developers/app managers under our license.

Due to turnover and the account being tied to a large organization, the "owner" of the account is more of a role account, and not really tied to an individual with a particular number/device.

IMO if Apple really wants to enforce two factor, they need to offer more two-factor options or account for role-based accounts in a better way. This is going to be anywhere from a huge PITA to a nightmare. :(


I know, the first thing I thought when I read this was "Who the hell uses their personal Apple ID for a dev account?"

Apple needs to allow for receiving two factor codes for multiple Apple IDs on one device, otherwise this is going to piss people the hell off.
Rating: 8 Votes
Avatar
KazKam
5 days ago at 02:53 pm
This is extremely problematic for my use-case. I'm the Apple Developer/Connect admin for a very large organization that publishes multiple apps from multiple developers/app managers under our license.

Due to turnover and the account being tied to a large organization, the "owner" of the account is more of a role account, and not really tied to an individual with a particular number/device.

IMO if Apple really wants to enforce two factor, they need to offer more two-factor options or account for role-based accounts in a better way. This is going to be anywhere from a huge PITA to a nightmare. :(
Rating: 7 Votes
Avatar
cmaier
5 days ago at 03:13 pm

Since you all are using a secondary iCloud account, like me, here’s the trick:

On your Mac, create a new user account. Set up that account to use your developer iCloud account. You will be prompted to turn on 2factor. Do so. Give it your phone number. When it’s done. Remove the user account.

Now, when you are prompted for 2factor, click the “I didn’t receive a code” link, and you can choose to send a code to your phone.



Also, if you log off the account prior to removing the user, OR you remove the device in appleid.apple.com, then you don’t have to click a link each time. You will receive an iMessage each time you need to provide a code.
Rating: 3 Votes
Avatar
usarioclave
4 days ago at 09:27 pm
Why exactly do my accounts need to be more secure? Become someone is abusing the enterprise certificate program?
Rating: 2 Votes
Avatar
nt5672
4 days ago at 01:46 pm

This is extremely problematic for my use-case. I'm the Apple Developer/Connect admin for a very large organization that publishes multiple apps from multiple developers/app managers under our license.

Due to turnover and the account being tied to a large organization, the "owner" of the account is more of a role account, and not really tied to an individual with a particular number/device.

IMO if Apple really wants to enforce two factor, they need to offer more two-factor options or account for role-based accounts in a better way. This is going to be anywhere from a huge PITA to a nightmare. :(


Apple is looking for a PR solution, not a real solution. 2 factor the way Apple does it is not more secure, except maybe in a few very minor edge cases. To be secure, 2 factor needs to use a separate device from the one the login originated that always requires a password to access the key. The password needs to be different from the normal account password and it needs to be always locked. Apple marketing is engaging in security theater here at the detriment of users.
Rating: 2 Votes
Avatar
LovedMacFirst
5 days ago at 03:11 pm
We actually have the same issue above. Not sure why Apple has not embraced dual Apple IDs. Dropbox as an example did a great job at having Personal and Work accounts on a single install.

The options available to solve this issue are all pretty bad.
Rating: 2 Votes
Avatar
jtara
4 days ago at 04:01 pm
This is awful. And stupid. And awfully stupid.

For our company account, NOBODY logs in to an Apple device using that ID. That will apply for most companies. Fortunately, need to log in with that account is minimal, since each developer uses their own linked account. When somebody DOES log in (to accept terms and conditions, to pay the yearly bill, etc. etc.) it will be different people who have access to the password.

The phone number goes to a VOIP line.

My own developer account is separate from the account that I log in to my Mac and iDevices with. Because I thought that was a Good Idea. At least I can verify by SMS.

But of course, SMS is a TERRIBLE way to do 2-factor authentication.

If they want to get serious, allow 2-factor with a dongle. And allow multiple dongles to be registered per account.
Rating: 2 Votes
Avatar
Kabeyun
4 days ago at 05:12 pm
Excellent. Leader in privacy & account security. Now maybe they’ll get sued ('https://www.macrumors.com/2019/02/09/apple-two-factor-authentication-lawsuit/') for it.
Rating: 2 Votes
Avatar
C DM
4 days ago at 11:09 pm

I am extremely happy about this. I hope within iOS 13 apple forces all user accounts with 2FA. Or they should keep more new features only for accounts to 2FA. We are humans & passwords are super easy to crack.

I do know that 70%+ of iTunes accounts are already 2FA enabled. So, hopefully their Black market value increases.

They should go with DNA checks to make it all more secure.
Rating: 1 Votes
[ Read All Comments ]